Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC running a bit sluggish FRST logs included


  • Please log in to reply
20 replies to this topic

#1 TheSentinel

TheSentinel

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 16 February 2016 - 03:52 PM

Is there anything I can clean up?
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by CMPDOWNEY (administrator) on ADMINPC (16-02-2016 12:42:16)
Running from C:\FRST
Loaded Profiles: CMPDOWNEY (Available Profiles: CMPDOWNEY)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(MySoftware, Inc.) C:\Program Files (x86)\Common Files\MySoftware\Newsflsh.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\n360.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\ProgramData\CMS\CMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-06] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1249297947-423921045-933663465-1000\...\RunOnce: [Uninstall C:\Users\CMPDOWNEY\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\CMPDOWNEY\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64"
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-07-24]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk [2015-04-07]
ShortcutTarget: MySoftware NewsFlash.lnk -> C:\Program Files (x86)\Common Files\MySoftware\Newsflsh.exe (MySoftware, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-07-24]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-07-24]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\CMPDOWNEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2015-12-14]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\CMPDOWNEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - Admin-Printer (HP Officejet Pro 8600).lnk [2016-02-16]
ShortcutTarget: Monitor Ink Alerts - Admin-Printer (HP Officejet Pro 8600).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\CMPDOWNEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-04-23]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\CMPDOWNEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-03-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{97ED4836-916E-42A4-A390-024B76AD4981}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{97ED4836-916E-42A4-A390-024B76AD4981}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{A6EC7A4D-DB5F-4BE8-9C42-E3BA74877A92}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1249297947-423921045-933663465-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-01-21] (Microsoft Corporation)
BHO-x32: Cartwheel Shopping -> {B50DF051-E1D4-439C-B94E-F4DE82B56542} -> C:\Users\CMPDOWNEY\AppData\Roaming\Cartwheel\Cartwheel.dll [2014-04-10] (Cartwheel, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1249297947-423921045-933663465-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2014-01-16] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - C:\Users\CMPDOWNEY\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-12-12] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2011-01-28] ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1249297947-423921045-933663465-1000: @microsoft.com/Office on Demand;version=1 -> C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll [2012-11-10] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
 
Chrome: 
=======
CHR Profile: C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-17]
CHR Extension: (Norton Security Toolbar) - C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-01-30]
CHR Extension: (Norton Identity Safe) - C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-17]
CHR Extension: (Taplika New Tab) - C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn [2015-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-16]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1249297947-423921045-933663465-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
S4 DymoPnpService; C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 Northern Themes Service; C:\Users\CMPDOWNEY\AppData\NTSFile\NTS.exe [228352 2014-11-17] (NTS Co., Ltd.") [File not signed]
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2013-03-11] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-03-11] (Intuit Inc.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2012-04-30] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2012-04-30] (Ralink Technology, Corp.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\BASHDefs\20160125.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\IPSDefs\20160207.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20160209.002\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20160209.002\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-13 17:07 - 2016-02-13 17:33 - 00000000 ____D C:\Users\CMPDOWNEY\Documents\clinica medica lares
2016-02-10 11:17 - 2016-02-06 02:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 11:17 - 2016-02-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 11:17 - 2016-02-06 02:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 11:17 - 2016-02-06 02:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 11:17 - 2016-02-06 02:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 11:17 - 2016-02-06 02:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 11:17 - 2016-02-06 01:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-10 11:17 - 2016-02-06 01:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 11:17 - 2016-02-06 01:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 11:17 - 2016-02-06 01:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-10 11:17 - 2016-02-06 01:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 11:17 - 2016-02-06 01:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 11:17 - 2016-02-06 01:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 11:17 - 2016-02-06 00:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 11:17 - 2016-01-16 11:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 11:17 - 2016-01-16 10:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 11:17 - 2016-01-11 06:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 11:17 - 2016-01-11 06:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 11:17 - 2016-01-11 06:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 11:17 - 2016-01-11 06:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 11:17 - 2016-01-11 06:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 11:17 - 2016-01-06 11:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 11:17 - 2016-01-06 11:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-10 11:17 - 2016-01-06 10:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 11:16 - 2016-01-22 12:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 11:16 - 2016-01-22 12:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 11:16 - 2016-01-21 22:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-10 11:16 - 2016-01-21 22:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-10 11:16 - 2016-01-21 22:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 11:16 - 2016-01-21 22:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-10 11:16 - 2016-01-21 22:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-10 11:16 - 2016-01-21 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-10 11:16 - 2016-01-21 22:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-10 11:16 - 2016-01-21 22:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-10 11:16 - 2016-01-21 22:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 11:16 - 2016-01-21 22:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 11:16 - 2016-01-21 22:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-10 11:16 - 2016-01-21 22:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-10 11:16 - 2016-01-21 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-10 11:16 - 2016-01-21 22:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-10 11:16 - 2016-01-21 22:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 11:16 - 2016-01-21 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-10 11:16 - 2016-01-21 22:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-10 11:16 - 2016-01-21 22:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-10 11:16 - 2016-01-21 22:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 11:16 - 2016-01-21 22:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-10 11:16 - 2016-01-21 22:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-10 11:16 - 2016-01-21 22:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-10 11:16 - 2016-01-21 22:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-10 11:16 - 2016-01-21 22:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-10 11:16 - 2016-01-21 22:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-10 11:16 - 2016-01-21 21:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-10 11:16 - 2016-01-21 21:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-10 11:16 - 2016-01-21 21:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 11:16 - 2016-01-21 21:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-10 11:16 - 2016-01-21 21:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 11:16 - 2016-01-21 21:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 11:16 - 2016-01-21 21:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 11:16 - 2016-01-21 21:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 11:16 - 2016-01-21 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-10 11:16 - 2016-01-21 21:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-10 11:16 - 2016-01-21 21:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 11:16 - 2016-01-21 21:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-10 11:16 - 2016-01-21 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-10 11:16 - 2016-01-21 21:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 11:16 - 2016-01-21 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-10 11:16 - 2016-01-21 21:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-10 11:16 - 2016-01-21 21:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-10 11:16 - 2016-01-21 21:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 11:16 - 2016-01-21 21:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 11:16 - 2016-01-21 21:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 11:16 - 2016-01-21 21:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 11:16 - 2016-01-21 21:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-10 11:16 - 2016-01-21 21:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 11:16 - 2016-01-21 21:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 11:16 - 2016-01-21 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 11:15 - 2016-01-11 11:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-10 11:15 - 2016-01-11 11:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-10 11:15 - 2016-01-11 11:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-10 11:15 - 2016-01-11 10:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-10 11:15 - 2016-01-11 10:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-10 11:15 - 2016-01-11 10:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 11:15 - 2016-01-11 10:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 11:15 - 2016-01-11 10:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-10 11:15 - 2016-01-11 10:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-10 11:15 - 2016-01-11 10:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-10 11:15 - 2016-01-11 10:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-10 11:15 - 2016-01-11 10:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-10 11:15 - 2016-01-11 10:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 11:15 - 2016-01-11 10:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-10 11:15 - 2016-01-11 10:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-10 11:15 - 2016-01-11 10:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-10 11:15 - 2016-01-07 09:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 11:14 - 2016-01-16 11:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 11:14 - 2016-01-16 10:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 11:14 - 2016-01-07 09:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 11:14 - 2015-12-20 10:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-10 11:14 - 2015-12-20 10:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 11:14 - 2015-12-20 06:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 11:12 - 2016-01-21 22:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 11:12 - 2016-01-21 22:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 11:12 - 2016-01-21 22:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 11:12 - 2016-01-21 22:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 11:12 - 2016-01-21 22:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 11:12 - 2016-01-21 22:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 11:12 - 2016-01-21 22:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 11:12 - 2016-01-21 22:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 11:12 - 2016-01-21 22:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 11:12 - 2016-01-21 22:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 11:12 - 2016-01-21 22:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 11:12 - 2016-01-21 22:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 11:12 - 2016-01-21 22:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 11:12 - 2016-01-21 22:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 11:12 - 2016-01-21 22:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 11:12 - 2016-01-21 22:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 11:12 - 2016-01-21 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 11:12 - 2016-01-21 22:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 11:12 - 2016-01-21 22:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 11:12 - 2016-01-21 22:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 11:12 - 2016-01-21 22:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 11:12 - 2016-01-21 22:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 11:12 - 2016-01-21 22:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 11:12 - 2016-01-21 22:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 11:12 - 2016-01-21 22:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 11:12 - 2016-01-21 22:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 11:12 - 2016-01-21 22:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 11:12 - 2016-01-21 22:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 11:12 - 2016-01-21 22:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 11:12 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 11:12 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 11:12 - 2016-01-21 22:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 22:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 11:12 - 2016-01-21 22:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 11:12 - 2016-01-21 22:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 11:12 - 2016-01-21 22:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 11:12 - 2016-01-21 22:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 11:12 - 2016-01-21 22:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 11:12 - 2016-01-21 22:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 11:12 - 2016-01-21 22:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 11:12 - 2016-01-21 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 11:12 - 2016-01-21 22:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 11:12 - 2016-01-21 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 11:12 - 2016-01-21 22:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 11:12 - 2016-01-21 22:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 11:12 - 2016-01-21 22:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 11:12 - 2016-01-21 22:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 11:12 - 2016-01-21 22:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 11:12 - 2016-01-21 22:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 11:12 - 2016-01-21 22:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 11:12 - 2016-01-21 21:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 11:12 - 2016-01-21 21:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 11:12 - 2016-01-21 21:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 11:12 - 2016-01-21 21:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 11:12 - 2016-01-21 20:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 11:12 - 2016-01-21 20:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 11:12 - 2016-01-21 20:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 11:12 - 2016-01-21 20:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 11:12 - 2016-01-21 20:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 11:12 - 2016-01-21 20:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 11:12 - 2016-01-21 20:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 11:11 - 2016-01-21 22:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 11:11 - 2016-01-21 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 22:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 11:11 - 2016-01-21 22:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 11:11 - 2016-01-21 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 11:11 - 2016-01-21 21:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 11:11 - 2016-01-21 21:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 20:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 11:11 - 2016-01-21 20:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 11:11 - 2016-01-21 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 11:11 - 2016-01-21 20:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 20:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 20:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 11:11 - 2016-01-21 20:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-10 11:09 - 2016-01-21 22:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 11:09 - 2016-01-21 22:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-10 11:09 - 2016-01-21 22:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 11:09 - 2016-01-21 22:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 11:09 - 2016-01-21 22:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-10 11:09 - 2016-01-21 21:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 11:09 - 2016-01-21 21:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 11:09 - 2016-01-21 21:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-01-29 13:32 - 2016-01-29 13:32 - 00003550 _____ C:\Windows\System32\Tasks\HP AR Program Upload - 76991d3153aa4807b7129c443d6d7322c16aa735fb2e4b1e88527fa78d476060
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-16 12:44 - 2013-12-19 12:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-16 12:43 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-16 12:43 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-16 12:42 - 2015-01-09 12:37 - 00000000 ____D C:\FRST
2016-02-16 12:05 - 2013-12-19 12:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-16 10:04 - 2015-12-03 11:53 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-02-16 10:04 - 2015-10-16 14:38 - 00000000 ____D C:\ProgramData\CMS
2016-02-16 10:01 - 2013-12-19 12:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-16 10:00 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-13 17:35 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-13 17:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-02-12 12:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-02-12 10:43 - 2009-07-13 20:45 - 00526904 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-12 10:40 - 2014-12-13 09:25 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-12 10:40 - 2014-05-07 02:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-12 10:40 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 16:42 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 16:31 - 2013-04-24 02:36 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-09 12:44 - 2013-12-19 12:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 12:44 - 2012-04-12 23:11 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 12:44 - 2012-04-12 23:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-05 10:37 - 2014-06-03 08:38 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1387477410
2016-02-05 10:37 - 2013-12-19 10:23 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-30 10:38 - 2014-02-10 17:44 - 00014848 ___SH C:\Users\CMPDOWNEY\Documents\Thumbs.db
2016-01-21 10:41 - 2013-12-31 10:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-21 10:35 - 2013-12-31 09:54 - 00000000 ____D C:\Program Files\Microsoft Office 15
 
==================== Files in the root of some directories =======
 
2013-05-01 10:30 - 2013-05-01 10:30 - 0031815 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2014-09-01 00:18 - 2015-06-19 12:19 - 0000365 _____ () C:\Users\CMPDOWNEY\AppData\Roaming\HIIRVLCX
2015-01-05 13:20 - 2015-01-05 13:20 - 0000064 _____ () C:\Users\CMPDOWNEY\AppData\Local\f3d14eee4203fec63d37663bd9783c74
2013-05-01 11:39 - 2013-05-01 11:39 - 0000600 _____ () C:\Users\CMPDOWNEY\AppData\Local\PUTTY.RND
2014-01-04 12:10 - 2014-01-04 12:10 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-10 15:11
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by CMPDOWNEY (2016-02-16 12:44:26)
Running from C:\FRST
Windows 7 Home Premium Service Pack 1 (X64) (2013-04-18 22:18:57)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1249297947-423921045-933663465-500 - Administrator - Disabled)
CMPDOWNEY (S-1-5-21-1249297947-423921045-933663465-1000 - Administrator - Enabled) => C:\Users\CMPDOWNEY
Guest (S-1-5-21-1249297947-423921045-933663465-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1249297947-423921045-933663465-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
Cartwheel Shopping (HKLM-x32\...\{63E29D1A-D6B5-4295-BFAC-967606232411}_is1) (Version: 1.10.0.2222 - Cartwheel, Inc.)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CMS (HKLM\...\{A46B6359-3736-4AA8-966B-FD29366DE896}) (Version: 10.49.08 -  )
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3313.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.3.0.1242 - Sanford, L.P.)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3506 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Gateway Incorporated)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2598 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Runtime and Options (HKLM\...\Java_Runtime_and_Options) (Version: 1.0 - Java Runtime)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office on Demand Browser Add-ons (HKU\S-1-5-21-1249297947-423921045-933663465-1000\...\Microsoft Office on Demand Browser Add-ons) (Version: 15.0.4551.1011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1249297947-423921045-933663465-1000\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDataBase (HKLM-x32\...\{AB856C83-7CA0-4EB5-8D86-792B29EB4A10}) (Version:  - )
MySoftware Fonts (HKLM-x32\...\{6C6F0968-2B86-42B4-AF34-46A5F06E8FA4}) (Version:  - )
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.11100.9.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{68AFA3A7-9265-4ABD-994A-ACA413E3715C}) (Version: 10.6.10400 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NETGEAR WNDA4100 Genie (HKLM-x32\...\InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}) (Version: 1.2.0.2 - NETGEAR)
NETGEAR WNDA4100 Genie (x32 Version: 1.2.0.2 - NETGEAR) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.5.15 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
OneSoftPerDay 025.502 (HKLM-x32\...\ospd_us_502_is1) (Version:  - ONESOFTPERDAY) <==== ATTENTION
Opera Stable 35.0.2066.37 (HKLM-x32\...\Opera 35.0.2066.37) (Version: 35.0.2066.37 - Opera Software)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4006.2305 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6521 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Stamps.com Internet Postage (HKLM-x32\...\Stamps.com Internet Postage) (Version:  - )
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3507 - Gateway Incorporated)
WildTangent Games App (Gateway Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WSE_Taplika (HKLM-x32\...\WSE_Taplika) (Version:  - WSE_Taplika) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1100DCF3-AFC5-4547-9468-7BA62816055D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {2490B492-201C-4627-9B22-E6AB567BB437} - System32\Tasks\HP AR Program Upload - 777eb9c7dc1a4a1fa5e6fd739d4d354b1b7614c5dca04d9fab898556a842c651 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {2F53F779-4828-48E8-9CD8-5022E8DEBF1C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\WSCStub.exe [2016-01-06] (Symantec Corporation)
Task: {48F96598-1963-4A41-8298-F6C2FCA88043} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {495B5AC0-ADF4-4610-A697-C6B2EDF8032E} - System32\Tasks\HP AR Program Upload - 071ad1079abd4673a02885e6c7b8fd3866869abf7e1f427da068fb797656726f => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {4D13C5DD-8812-4837-B8B3-3C3E9F6D4E0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-19] (Google Inc.)
Task: {5AEBEB25-33A3-499C-98C7-618767E407F3} - System32\Tasks\UALU notificatin => C:\Program Files\Gateway\Gateway Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {64309E79-BD68-46B2-B6C1-D97BECE99365} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {6662A43C-3F3E-4C74-9F81-090F07C26EE7} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6E66B604-B2D1-4EB8-84DB-2F2AF967FD25} - System32\Tasks\{B1A986D5-F261-46E7-91B0-3719203DEEDE} => C:\Program Files\DYMO\DYMO Label Software\DLS.exe [2011-01-28] (Sanford, L.P.)
Task: {7F6837AD-A1AD-4EF4-8F68-759378D7240F} - System32\Tasks\HP AR Program Upload - 54378ee13fe649539dfb0f67ad20c105f300e1f6b7cf4cc4b9436ef78d3653ac => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {9464A09C-8942-4B66-A8C4-963817741B6F} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {972EE5ED-8FBF-46D2-876D-2828946DDA5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-19] (Google Inc.)
Task: {9D170456-6786-4C87-889A-D7FEC13F077C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {A82E0949-8F3A-471F-8214-5E1098E7A241} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2012-01-16] (Nero AG)
Task: {A94B5778-059B-4CDF-B6E2-A572396EF7FA} - System32\Tasks\HP AR Program Upload - 4deb26be257c495ea227401aff5c2e483cc87721b3a84f33ac96b445bdb93348 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {B55EDE58-FEE4-4C10-80A8-4772F330CCB7} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2016-01-06] (Symantec Corporation)
Task: {BF4E9299-40C9-4DF9-8B5D-A8D86332E844} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {CCE0EEBF-1C2F-4E14-8956-AE910EBD842C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {CFF2E70D-849E-486B-A398-BF9A972DC211} - System32\Tasks\HP AR Program Upload - 76991d3153aa4807b7129c443d6d7322c16aa735fb2e4b1e88527fa78d476060 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {DB14F7F2-81DD-4FD5-AAC1-C48B3F6F55B7} - System32\Tasks\Opera scheduled Autoupdate 1387477410 => C:\Program Files (x86)\Opera\launcher.exe [2016-02-01] (Opera Software)
Task: {DD9BA72A-DFD6-46FF-A753-8CBA5F078405} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-21] (Microsoft Corporation)
Task: {ED56C3F4-2384-4FA2-92EA-317B99DFB2B8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {FF055410-8CBD-45A0-A05D-8D25603F5F12} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.gateway.com/redirect.aspx?rid=09000002
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-28 08:27 - 2015-09-01 08:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-29 08:54 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-04-12 23:30 - 2011-12-14 22:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-06 18:17 - 2012-02-06 18:17 - 00636520 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
2015-05-21 10:36 - 2015-05-21 10:36 - 02914304 _____ () C:\ProgramData\CMS\CMS.exe
2012-02-06 18:18 - 2012-02-06 18:18 - 00151656 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
2013-04-23 16:04 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-11-22 09:20 - 2014-11-22 09:20 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2016-02-12 11:35 - 2016-02-12 11:35 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\517f6ac3a3d9fbdb4380859f99108c77\IsdiInterop.ni.dll
2013-01-09 16:34 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-01-09 16:48 - 2012-02-07 01:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-05-21 10:36 - 2015-05-21 10:36 - 00395264 _____ () C:\ProgramData\CMS\capricorn.dll
2015-05-21 10:36 - 2015-05-21 10:36 - 05636608 _____ () C:\ProgramData\CMS\DRA.dll
2015-05-21 10:36 - 2015-05-21 10:36 - 00322048 _____ () C:\ProgramData\CMS\glew32.dll
2014-12-12 15:07 - 2014-12-05 17:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 15:07 - 2014-12-05 17:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 15:07 - 2014-12-05 17:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 15:07 - 2014-12-05 17:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2015-09-16 09:34 - 2015-07-13 09:14 - 16307888 _____ () C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\PepperFlash\18.0.0.209\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1249297947-423921045-933663465-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\CMPDOWNEY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: DymoPnpService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: InboxAce_1gService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: Northern Themes Service => 2
MSCONFIG\Services: PDFProFiltSrvPP => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SWUpdater => 2
MSCONFIG\Services: YRuXhArpo => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA4100 Genie.lnk => C:\Windows\pss\NETGEAR WNDA4100 Genie.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^CMPDOWNEY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormWatch.lnk => C:\Windows\pss\StormWatch.lnk.Startup
MSCONFIG\startupfolder: C:^Users^CMPDOWNEY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormWatchApp.lnk => C:\Windows\pss\StormWatchApp.lnk.Startup
MSCONFIG\startupreg: Boost => C:\Program Files (x86)\Boost\Boost.exe
MSCONFIG\startupreg: InboxAce Home Page Guard 64 bit => "C:\PROGRA~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: InboxAce_1g Browser Plugin Loader => C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbrmon.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: PPort12reminder => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: Super Optimizer => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{30BABAF8-4415-4497-BF25-8324A1DA3DC5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7633668C-F93A-48B7-902F-0CD605FB26C1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C7E024B7-45C4-4039-9903-A2979BEEFF68}] => (Allow) LPort=2869
FirewallRules: [{3ADF060C-D9A1-40D3-961A-E8080CE0C7CE}] => (Allow) LPort=1900
FirewallRules: [{EE95D009-AF0D-49F6-B00C-9C4421C89F17}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9189C207-3756-473D-8EFF-390AFC51C517}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E89D4B39-CEFA-46AD-BEC7-D957744980DC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{429925B4-A526-4DA1-A368-F757243BDB89}] => (Allow) C:\Users\CMPDOWNEY\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{49C65331-EBD4-48D2-9357-5937E8645672}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{70815E05-E873-4C9D-8B28-C3086456CFD8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{FFAB6F85-C85B-4A06-BB64-D8B7AB540F58}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{126EEC16-BAC1-4D9A-BC34-F6F37BCFA311}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{E810F5E3-6F5E-4613-8BDC-74376847F699}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{FD497B2E-4BAC-41CA-A4B5-84C5FC7C9E65}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{622EF371-A74A-4AF4-885F-2C6DEE122994}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{CC26489A-EDFC-4A7F-911C-86EC5BD5169B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
12-01-2016 12:05:40 Scheduled Checkpoint
12-01-2016 17:50:40 Windows Update
25-01-2016 13:19:57 Scheduled Checkpoint
06-02-2016 12:12:14 Scheduled Checkpoint
10-02-2016 10:59:05 Windows Update
10-02-2016 16:06:50 Windows Update
16-02-2016 10:07:21 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/16/2016 12:40:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/16/2016 10:01:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/15/2016 02:08:51 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
PrintCheck returned failure result
 
Error: (02/15/2016 10:45:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/13/2016 05:33:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/13/2016 11:04:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2016 10:47:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2016 10:44:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/10/2016 03:44:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program opera.exe version 35.0.2066.37 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 6d8
 
Start Time: 01d16433135af0d6
 
Termination Time: 210
 
Application Path: C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
 
Report Id: 2a40ce57-d050-11e5-b35c-c89cdcec3d46
 
Error: (02/10/2016 10:19:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/16/2016 10:02:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (02/16/2016 10:02:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/15/2016 03:50:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (02/15/2016 03:50:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (02/15/2016 03:49:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (02/15/2016 03:49:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (02/15/2016 03:44:52 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (02/15/2016 03:44:52 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (02/15/2016 02:40:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (02/15/2016 02:40:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU G460 @ 1.80GHz
Percentage of memory in use: 90%
Total physical RAM: 1992 MB
Available physical RAM: 182.28 MB
Total Virtual: 3984.01 MB
Available Virtual: 574.06 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:445.66 GB) (Free:369.69 GB) NTFS
Drive h: (My Book) (Fixed) (Total:2794.49 GB) (Free:2794.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2E473BE7)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=445.7 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.
 
==================== End of Addition.txt ============================

 



BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 16 February 2016 - 06:50 PM

Hello TheSentinel and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are inserted during always the scan.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks
     
I am currently reviewing your log.I will be back with a fix for your problem as soon as possible.Please be patient with me during this time.
 
Sincerely
:hello:


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 TheSentinel

TheSentinel
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 16 February 2016 - 06:51 PM

I'll hang tight, thank you.



#4 TheSentinel

TheSentinel
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 16 February 2016 - 08:12 PM

Heading off for today, I'll be back at the trouble PC tomorrow.



#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 16 February 2016 - 08:18 PM

Hi again,

 

Please do the following,

 

Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

 

Super Optimizer
Norton Online Backup
OneSoftPerDay 025.502 (HKLM-x32\...\ospd_us_502_is1) (Version:  - ONESOFTPERDAY) <==== ATTENTION
WSE_Taplika (HKLM-x32\...\WSE_Taplika) (Version:  - WSE_Taplika) <==== ATTENTION

 

After completing uninstalls, please manually reboot your machine!

:step1:    If you get the message like: An error occurred while trying to uninstall, just press Yes.
:step2:    If you are unable to uninstall all programs, please inform me, but continue with other steps.

 

 

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click software shortcut on the desktop and follow the prompts to install the program .
  • If an update is available, click the Update now button.
  • At the end Click Settings > Advanced > ''I have read the warning an wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, Press report and send me report.

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 TheSentinel

TheSentinel
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 17 February 2016 - 04:16 PM

Super Optimizer - Couldn't find in the program list
OneSoftPerDay 025.502 - Error message ""...\Program Files (x86)\ospd_us_502\unins000.msg" missing" when trying to uninstall

 

Report from Zemana:

 

Zemana AntiMalware 2.19.179.852 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/2/17
Operating System       : Windows 7 64-bit
Processor              : 2X Intel® Celeron® CPU G460 @ 1.80GHz
BIOS Mode              : Legacy
CUID                   : 000968134EA3914FBA3DB1
Scan Type              : Smart Scan
Duration               : 2m 55s
Scanned Objects        : 10817
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Taplika New Tab
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\lfkjojacgdjkninepeghaamnapdjmlfn
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Traces             :
                Browser Extension - Taplika New Tab
 
OffercastInstaller_AVR_U-0113-01-P_.exe
Status             : Scanned
Object             : %userprofile%\downloads\offercastinstaller_avr_u-0113-01-p_.exe
MD5                : 302DD0119A39F3E726721BC6D82E29A4
Publisher          : Ask.com
Size               : 1035696
Version            : 2.8.1.0
Detection          : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\offercastinstaller_avr_u-0113-01-p_.exe
 
NTS.exe
Status             : Scanned
Object             : %userprofile%\appdata\ntsfile\nts.exe
MD5                : C816645E9C6A64BFA407C36D26C31DDF
Publisher          : -
Size               : 228352
Version            : 5.0.2.1302
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\appdata\ntsfile\nts.exe
                Registry Entry - HKLM\System\CurrentControlSet\Services\Northern Themes Service\ImagePath = C:\Users\CMPDOWNEY\AppData\NTSFile\NTS.exe  -svcname=Northern Themes Service
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 0
Failed                : 0


#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 17 February 2016 - 05:55 PM

Hi TheSentinel 1
 
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

start
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1249297947-423921045-933663465-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Taplika New Tab) - C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn [2015-01-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1249297947-423921045-933663465-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe
 C:\Users\CMPDOWNEY\Documents\Thumbs.db
2014-09-01 00:18 - 2015-06-19 12:19 - 0000365 _____ () C:\Users\CMPDOWNEY\AppData\Roaming\HIIRVLCX
2015-01-05 13:20 - 2015-01-05 13:20 - 0000064 _____ () C:\Users\CMPDOWNEY\AppData\Local\f3d14eee4203fec63d37663bd9783c74
2013-05-01 11:39 - 2013-05-01 11:39 - 0000600 _____ () C:\Users\CMPDOWNEY\AppData\Local\PUTTY.RND
2014-01-04 12:10 - 2014-01-04 12:10 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-05-01 10:30 - 2013-05-01 10:30 - 0031815 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\YRuXhArpo => 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Boost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InboxAce Home Page Guard 64 bit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InboxAce_1g Browser Plugin Loader
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Super Optimizer
C:\Program Files (x86)\Boost\Boost.exe
C:\PROGRA~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe
C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbrmon.exe
C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
EmptyTemp:
Shortcut:
end

Close Notepad.
NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating syste
Run FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.
Note: If the tool warns you about an outdated version please download and run the updated version.
=======================================================================================
For Chrome:
Delete your cache, history, and other browser data
https://support.google.com/chrome/answer/95582?hl=en
Next >>
Reset Chrome browser settings

https://support.google.com/chrome/answer/3296214?hl=en

 

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 TheSentinel

TheSentinel
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 17 February 2016 - 06:06 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by CMPDOWNEY (2016-02-17 15:01:28) Run:2
Running from C:\Users\CMPDOWNEY\Desktop
Loaded Profiles: CMPDOWNEY (Available Profiles: CMPDOWNEY)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
HKLM-x32...Run [] = [X]
CHR HKLMSOFTWAREPoliciesGoogle Restriction ======= ATTENTION
SearchScopes HKLM - {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes HKU.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes HKUS-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes HKUS-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes HKUS-1-5-21-1249297947-423921045-933663465-1000 - {589B893E-773C-4941-88C2-0DCC718E621C} URL =
StartMenuInternet IEXPLORE.EXE - iexplore.exe
FF Plugin @microsoft.comGENUINE - disabled [No File]
FF Plugin-x32 @microsoft.comGENUINE - disabled [No File]
CHR Extension (Taplika New Tab) - CUsersCMPDOWNEYAppDataLocalGoogleChromeUser DataDefaultExtensionslfkjojacgdjkninepeghaamnapdjmlfn [2015-01-17]
CHR HKLM...ChromeExtension [cjabmdjcfcfdmffimndhafhblfmpjdpe] - CProgram Files (x86)Norton 360 Premier EditionEngine22.5.5.15ExtsChrome.crx [2015-11-30]
CHR HKLM...ChromeExtension [iikflkcanblccfahdhdonehdalibjnif] - hxxpsclients2.google.comserviceupdate2crx
CHR HKLM...ChromeExtension [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxpsclients2.google.comserviceupdate2crx
CHR HKUS-1-5-21-1249297947-423921045-933663465-1000SOFTWAREGoogleChromeExtensions...ChromeExtension [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxpsclients2.google.comserviceupdate2crx
CHR HKLM-x32...ChromeExtension [cjabmdjcfcfdmffimndhafhblfmpjdpe] - CProgram Files (x86)Norton 360 Premier EditionEngine22.5.5.15ExtsChrome.crx [2015-11-30]
CHR HKLM-x32...ChromeExtension [iikflkcanblccfahdhdonehdalibjnif] - hxxpsclients2.google.comserviceupdate2crx
CHR HKLM-x32...ChromeExtension [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxpsclients2.google.comserviceupdate2crx
StartMenuInternet Google Chrome - chrome.exe
 CUsersCMPDOWNEYDocumentsThumbs.db
2014-09-01 0018 - 2015-06-19 1219 - 0000365 _____ () CUsersCMPDOWNEYAppDataRoamingHIIRVLCX
2015-01-05 1320 - 2015-01-05 1320 - 0000064 _____ () CUsersCMPDOWNEYAppDataLocalf3d14eee4203fec63d37663bd9783c74
2013-05-01 1139 - 2013-05-01 1139 - 0000600 _____ () CUsersCMPDOWNEYAppDataLocalPUTTY.RND
2014-01-04 1210 - 2014-01-04 1210 - 0000057 _____ () CProgramDataAment.ini
2013-05-01 1030 - 2013-05-01 1030 - 0031815 __RSH () CProgram Files (x86)DLS8Uninstall.log
Reg Reg Delete HKLMSOFTWAREMicrosoftShared ToolsMSConfigstartupreg F
Reg Reg Add HKLMSOFTWAREMicrosoftShared ToolsMSConfigstartupreg F
HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfigservicesYRuXhArpo = 2
HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfigstartupregBoost
HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfigstartupregInboxAce Home Page Guard 64 bit
HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfigstartupregInboxAce_1g Browser Plugin Loader
HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfigstartupregSuper Optimizer
CProgram Files (x86)BoostBoost.exe
CPROGRA~2INBOXA~2bar1.binAppIntegrator64.exe
CPROGRA~2INBOXA~2bar1.bin1gbrmon.exe
CProgram Files (x86)Super OptimizerSupOptLauncher.exe
EmptyTemp
Shortcut
end
*****************
 
HKLM-x32...Run [] = [X] => Error: No automatic fix found for this entry.
CHR HKLMSOFTWAREPoliciesGoogle Restriction ======= ATTENTION => Error: No automatic fix found for this entry.
SearchScopes HKLM - {589B893E-773C-4941-88C2-0DCC718E621C} URL = => Error: No automatic fix found for this entry.
SearchScopes HKU.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
SearchScopes HKUS-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
SearchScopes HKUS-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
SearchScopes HKUS-1-5-21-1249297947-423921045-933663465-1000 - {589B893E-773C-4941-88C2-0DCC718E621C} URL = => Error: No automatic fix found for this entry.
StartMenuInternet IEXPLORE.EXE - iexplore.exe => Error: No automatic fix found for this entry.
FF Plugin @microsoft.comGENUINE - disabled [No File] => Error: No automatic fix found for this entry.
FF Plugin-x32 @microsoft.comGENUINE - disabled [No File] => Error: No automatic fix found for this entry.
CHR Extension (Taplika New Tab) - CUsersCMPDOWNEYAppDataLocalGoogleChromeUser DataDefaultExtensionslfkjojacgdjkninepeghaamnapdjmlfn [2015-01-17] => Error: No automatic fix found for this entry.
CHR HKLM...ChromeExtension [cjabmdjcfcfdmffimndhafhblfmpjdpe] - CProgram Files (x86)Norton 360 Premier EditionEngine22.5.5.15ExtsChrome.crx [2015-11-30] => Error: No automatic fix found for this entry.
CHR HKLM...ChromeExtension [iikflkcanblccfahdhdonehdalibjnif] - hxxpsclients2.google.comserviceupdate2crx => Error: No automatic fix found for this entry.
CHR HKLM...ChromeExtension [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxpsclients2.google.comserviceupdate2crx => Error: No automatic fix found for this entry.
CHR HKUS-1-5-21-1249297947-423921045-933663465-1000SOFTWAREGoogleChromeExtensions...ChromeExtension [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxpsclients2.google.comserviceupdate2crx => Error: No automatic fix found for this entry.
CHR HKLM-x32...ChromeExtension [cjabmdjcfcfdmffimndhafhblfmpjdpe] - CProgram Files (x86)Norton 360 Premier EditionEngine22.5.5.15ExtsChrome.crx [2015-11-30] => Error: No automatic fix found for this entry.
CHR HKLM-x32...ChromeExtension [iikflkcanblccfahdhdonehdalibjnif] - hxxpsclients2.google.comserviceupdate2crx => Error: No automatic fix found for this entry.
CHR HKLM-x32...ChromeExtension [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxpsclients2.google.comserviceupdate2crx => Error: No automatic fix found for this entry.
StartMenuInternet Google Chrome - chrome.exe => Error: No automatic fix found for this entry.
CUsersCMPDOWNEYDocumentsThumbs.db => Error: No automatic fix found for this entry.
"2014-09-01 0018 - 2015-06-19 1219 - 0000365 _____ () CUsersCMPDOWNEYAppDataRoamingHIIRVLCX" => not found.
"2015-01-05 1320 - 2015-01-05 1320 - 0000064 _____ () CUsersCMPDOWNEYAppDataLocalf3d14eee4203fec63d37663bd9783c74" => not found.
"2013-05-01 1139 - 2013-05-01 1139 - 0000600 _____ () CUsersCMPDOWNEYAppDataLocalPUTTY.RND" => not found.
"2014-01-04 1210 - 2014-01-04 1210 - 0000057 _____ () CProgramDataAment.ini" => not found.
"2013-05-01 1030 - 2013-05-01 1030 - 0031815 __RSH () CProgram Files (x86)DLS8Uninstall.log" => not found.
Reg Reg Delete HKLMSOFTWAREMicrosoftShared ToolsMSConfigstartupreg F => Error: No automatic fix found for this entry.
Reg Reg Add HKLMSOFTWAREMicrosoftShared ToolsMSConfigstartupreg F => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfigservicesYRuXhArpo = 2 => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfigstartupregBoost => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfigstartupregInboxAce Home Page Guard 64 bit => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfigstartupregInboxAce_1g Browser Plugin Loader => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfigstartupregSuper Optimizer => Error: No automatic fix found for this entry.
CProgram Files (x86)BoostBoost.exe => Error: No automatic fix found for this entry.
CPROGRA~2INBOXA~2bar1.binAppIntegrator64.exe => Error: No automatic fix found for this entry.
CPROGRA~2INBOXA~2bar1.bin1gbrmon.exe => Error: No automatic fix found for this entry.
CProgram Files (x86)Super OptimizerSupOptLauncher.exe => Error: No automatic fix found for this entry.
EmptyTemp => Error: No automatic fix found for this entry.
Shortcut => Error: No automatic fix found for this entry.
 
==== End of Fixlog 15:01:28 ====
 
 
 
Chrome work completed also


#9 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 17 February 2016 - 06:28 PM

it does not look operation is successful

 

Step 1:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 TheSentinel

TheSentinel
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 17 February 2016 - 07:20 PM

# AdwCleaner v5.034 - Logfile created 17/02/2016 at 15:35:08
# Updated 16/02/2016 by Xplode
# Database : 2016-02-16.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : CMPDOWNEY - ADMINPC
# Running from : C:\Users\CMPDOWNEY\Desktop\adwcleaner_5.034.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\ospd_us_502
[-] Folder Deleted : C:\ProgramData\donutleads
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
[#] Folder Deleted : C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage
[-] File Deleted : C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfkjojacgdjkninepeghaamnapdjmlfn_0.localstorage
[-] File Deleted : C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage
[-] File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
[-] File Deleted : C:\Windows\patsearch.bin
[-] File Deleted : C:\Windows\SysNative\drivers\SPPD.sys
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKCU\Software\ONESOFTPERDAY
[-] Key Deleted : HKLM\SOFTWARE\ONESOFTPERDAY
[-] Key Deleted : HKLM\SOFTWARE\SPPDCOM
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_502_is1
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\babylon.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dotomi.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\translation.babylon.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\CMPDOWNEY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lfkjojacgdjkninepeghaamnapdjmlfn
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3284 bytes] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64 
Ran by CMPDOWNEY (Administrator) on Wed 02/17/2016 at 15:42:59.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 445 
 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\{71B0641E-DF08-4EA6-A9AE-5A17060986ED} (Empty Folder)
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\{770CCA5F-56A0-4E59-BDE4-5F1B68F15F91} (Empty Folder)
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\f3d14eee4203fec63d37663bd9783c74 (File) 
Successfully deleted: C:\Windows\system32\Tasks\01401597-d42b-4515-ba69-ff56f90c2a9a-1 (Task)
Successfully deleted: C:\Windows\system32\Tasks\01401597-d42b-4515-ba69-ff56f90c2a9a-6 (Task)
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04ARNVKQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JZVSSIZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0KKB2ZN2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RRN8QHA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RRUX867 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0S3EVDBF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EZVR9RU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1J6Y93UC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MGXW5JJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OBCK5U5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PW9DRX5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SA6H7M4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1U156MWH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VCMRFZT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23S5U1PT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2D4GMIHE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2E1V2CJP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FYKXWWA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2L0HKEIV (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Q0TLX1B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2WMW8NZM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2YF4P1DQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z483CQM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31P4PEB6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CHUSGIB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3DROTEZB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KIBLM7X (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LLMT8K3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OXT7XLO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3V681XJG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z6HWGFG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z9NZR21 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48E1BP1I (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NM53AIM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NYROBRM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJF4C65 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5H537Z59 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5UFNOZLW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XAJH30M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66G4GA0Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68F1093A (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CPUYEF0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IC1C5OC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KRBAE8R (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QJ13XCX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6W4O1K23 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\707UNVEU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72NXUC4J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75ODCEJ1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77VW952W (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7HS4XP2B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7LP50HO4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7PAHE7K4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RWO3YNP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89OFM7MX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8G6I5H6G (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J2O5BNI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PQRG751 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Q4ZRPK9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UOZCMZK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98B0QQ3O (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9A1RVQ3I (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CBTYFIH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FXWIB7A (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GR8IVCC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9JGC3K40 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KBRHNZO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WO3ZXL5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WZDRYX9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADGHLQ0P (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHV2KADG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AL21UOL0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\APS1UZIQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZ76QLM1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3DNHF95 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B78TR67Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BH7FDQO4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BP20DGVL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRB9HI9C (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJRH4H (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CG3OO2MX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRNBPY1B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUFY9O2J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D28PM80M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DH3WD8IP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DNQ12AZ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTEL95KZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYCBJSL1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYL1FXFS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E4JMILRD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E65XO2OM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6DZNXVQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ESCUWGRC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETB4GYCE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EW65YMY2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXIQV63M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXR95W04 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5U2P9JY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8IBU3IT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDRW0J9S (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHOPSXJE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHYAFAFT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G7A16GEY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8RV1APK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGRP09VU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GI8Y0IXP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPWGH8YC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GRWX3JWY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZ9HQGDQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3AVHWRG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJFW6N2U (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJHSVSBU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I6Q7LPE0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8RAD2TQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ICNOR079 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IK7AKTO0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ILUKJBWY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IOC641NR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8BTM9KF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9QDFMYC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9SNBUMB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JDDX7162 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIYNED2U (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPZQ0RW7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JS4D5N9Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K18VHDP5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KDU2MQAM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KI6LQ5XA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLQ12036 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMDXVYCU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2K6OUTL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJYN5QK5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLL31K01 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LN3JWQ8Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LP3BMFAK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0H3MU7G (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M1CT7M6P (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3YOK25V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4GVEBQJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6TKMIGL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6Y9NT8P (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBHIEKV6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHDU74I6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRXV449D (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MYAIHCP0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ9QEK2G (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZXY2EVT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKC2PN0C (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMSJRSNI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPHQF1H8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSH969RJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O505XVVO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEO2TOZK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OIKF70YT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OL3IY8FH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZS98XFU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3OWPES5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVWSEJX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLR9VHE9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1DS5G18 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q39GCSB9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q81MBD1C (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QAISYU0K (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QGXN3ZHV (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QGZZV6U5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QL23G2BI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RARWFNE9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB42WQZ0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZC5J68U (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S5DJ84K0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S5R2K7AB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7L6YWIV (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S9E51TY2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBI43T0M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBJ3PZ9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM3OR4QP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SRQ4B340 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SY1O3UZ4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYX0ARKX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1H2XFE4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGDCAGRD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJI0NNP4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO4LD7DL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TSIXVHLA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZHDR93V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U08V16PK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UAMYTHI9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFEENR2X (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHZWR9H8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN1A1PBT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOJEV8TJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0RIFPL5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VGUMW1Y2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQKYAJ90 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSQ6EDHO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W5G34PAQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7AGSSRB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8PBQKB9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WBODYIB4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHRL5AZS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUYCXPZL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3YS4213 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XPVDM8MN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XZD6ZSSS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y49K0CS0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6R1BSDM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCTEBMAO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLVA14VL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMLXIPC5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVVKTABK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5SW43HN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z75LG74V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJIQ0263 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOURHAY5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPRZCB7O (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\CMPDOWNEY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZSNGG8W7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04ARNVKQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JZVSSIZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0KKB2ZN2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RRN8QHA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RRUX867 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0S3EVDBF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EZVR9RU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1J6Y93UC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MGXW5JJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OBCK5U5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PW9DRX5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SA6H7M4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1U156MWH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VCMRFZT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23S5U1PT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2D4GMIHE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2E1V2CJP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FYKXWWA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2L0HKEIV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Q0TLX1B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2WMW8NZM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2YF4P1DQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z483CQM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31P4PEB6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CHUSGIB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3DROTEZB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KIBLM7X (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LLMT8K3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OXT7XLO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3V681XJG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z6HWGFG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z9NZR21 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48E1BP1I (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NM53AIM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NYROBRM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJF4C65 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5H537Z59 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5UFNOZLW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XAJH30M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66G4GA0Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68F1093A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CPUYEF0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IC1C5OC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KRBAE8R (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QJ13XCX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6W4O1K23 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\707UNVEU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72NXUC4J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75ODCEJ1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77VW952W (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7HS4XP2B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7LP50HO4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7PAHE7K4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RWO3YNP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89OFM7MX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8G6I5H6G (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J2O5BNI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PQRG751 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Q4ZRPK9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UOZCMZK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98B0QQ3O (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9A1RVQ3I (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CBTYFIH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FXWIB7A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GR8IVCC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9JGC3K40 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KBRHNZO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WO3ZXL5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WZDRYX9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADGHLQ0P (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHV2KADG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AL21UOL0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\APS1UZIQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZ76QLM1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3DNHF95 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B78TR67Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BH7FDQO4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BP20DGVL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRB9HI9C (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDWJRH4H (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CG3OO2MX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRNBPY1B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUFY9O2J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D28PM80M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DH3WD8IP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DNQ12AZ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTEL95KZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYCBJSL1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYL1FXFS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E4JMILRD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E65XO2OM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6DZNXVQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ESCUWGRC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETB4GYCE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EW65YMY2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXIQV63M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXR95W04 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5U2P9JY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8IBU3IT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDRW0J9S (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHOPSXJE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHYAFAFT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G7A16GEY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8RV1APK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGRP09VU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GI8Y0IXP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPWGH8YC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GRWX3JWY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZ9HQGDQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3AVHWRG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJFW6N2U (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJHSVSBU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I6Q7LPE0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8RAD2TQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ICNOR079 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IK7AKTO0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ILUKJBWY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IOC641NR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8BTM9KF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9QDFMYC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9SNBUMB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JDDX7162 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIYNED2U (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPZQ0RW7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JS4D5N9Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K18VHDP5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KDU2MQAM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KI6LQ5XA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLQ12036 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMDXVYCU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2K6OUTL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJYN5QK5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLL31K01 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LN3JWQ8Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LP3BMFAK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0H3MU7G (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M1CT7M6P (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3YOK25V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4GVEBQJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6TKMIGL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6Y9NT8P (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBHIEKV6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHDU74I6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRXV449D (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MYAIHCP0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ9QEK2G (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZXY2EVT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKC2PN0C (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMSJRSNI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPHQF1H8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSH969RJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O505XVVO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEO2TOZK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OIKF70YT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OL3IY8FH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZS98XFU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3OWPES5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVWSEJX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLR9VHE9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1DS5G18 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q39GCSB9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q81MBD1C (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QAISYU0K (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QGXN3ZHV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QGZZV6U5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QL23G2BI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RARWFNE9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB42WQZ0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZC5J68U (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S5DJ84K0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S5R2K7AB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7L6YWIV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S9E51TY2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBI43T0M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBJ3PZ9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM3OR4QP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SRQ4B340 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SY1O3UZ4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYX0ARKX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1H2XFE4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGDCAGRD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJI0NNP4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO4LD7DL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TSIXVHLA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZHDR93V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U08V16PK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UAMYTHI9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFEENR2X (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHZWR9H8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN1A1PBT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOJEV8TJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0RIFPL5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VGUMW1Y2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQKYAJ90 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSQ6EDHO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W5G34PAQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7AGSSRB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8PBQKB9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WBODYIB4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHRL5AZS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUYCXPZL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3YS4213 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XPVDM8MN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XZD6ZSSS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y49K0CS0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6R1BSDM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCTEBMAO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLVA14VL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMLXIPC5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVVKTABK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5SW43HN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z75LG74V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJIQ0263 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOURHAY5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPRZCB7O (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZSNGG8W7 (Temporary Internet Files Folder) 
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B50DF051-E1D4-439C-B94E-F4DE82B56542} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B50DF051-E1D4-439C-B94E-F4DE82B56542} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/17/2016 at 15:50:10.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/17/2016
Scan Time: 3:53 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.17.07
Rootkit Database: v2016.02.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: CMPDOWNEY
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349861
Time Elapsed: 17 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 22
PUP.Optional.CartWheelShopping, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B50DF051-E1D4-439C-B94E-F4DE82B56542}, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.CartWheelShopping, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B50DF051-E1D4-439C-B94E-F4DE82B56542}, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.CartWheelShopping, HKLM\SOFTWARE\CLASSES\TYPELIB\{CBDAF04A-ED5B-4128-BAEE-2F0608F62E17}, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.CartWheelShopping, HKLM\SOFTWARE\CLASSES\INTERFACE\{E8984239-8C4C-461C-81B8-685AF4E56152}, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.CartWheelShopping, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E8984239-8C4C-461C-81B8-685AF4E56152}, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.CartWheelShopping, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E8984239-8C4C-461C-81B8-685AF4E56152}, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.CartWheelShopping, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{CBDAF04A-ED5B-4128-BAEE-2F0608F62E17}, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.CartWheelShopping, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{CBDAF04A-ED5B-4128-BAEE-2F0608F62E17}, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.CartWheelShopping, HKLM\SOFTWARE\CLASSES\Stw2BHO.1, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.CartWheelShopping, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Stw2BHO.1, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.CartWheelShopping, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Stw2BHO.1, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.CartWheelShopping, HKU\S-1-5-21-1249297947-423921045-933663465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B50DF051-E1D4-439C-B94E-F4DE82B56542}, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.CartWheelShopping, HKU\S-1-5-21-1249297947-423921045-933663465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B50DF051-E1D4-439C-B94E-F4DE82B56542}, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.CartWheelShopping, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B50DF051-E1D4-439C-B94E-F4DE82B56542}, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, Quarantined, [4487461ba8f18bab4295dcc6936f03fd], 
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR  , Quarantined, [68635f02c8d10531e7ce19f262a20ef2], 
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [2d9e6af77524e2544f4c48068183fb05], 
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [547792cf4a4f57df386488c662a2847c], 
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [1bb0acb50e8b95a168778bbc966e17e9], 
PUP.Optional.CartWheelShopping, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{63E29D1A-D6B5-4295-BFAC-967606232411}_is1, Quarantined, [cb0094cda7f280b667f933a52ed57f81], 
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [d1fa233e58418da959869ea99b69df21], 
PUP.Optional.CartWheelShopping, HKU\S-1-5-21-1249297947-423921045-933663465-1000\SOFTWARE\CARTWHEEL, Quarantined, [f0db075a2e6b043267f82fa9bb48c739], 
 
Registry Values: 11
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130632268529841202, Quarantined, [0bc0acb51683f83eb5ff828932d24eb2]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130632268529841202, Quarantined, [3299c79a9aff1620caeae92240c4a759]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130632268529841202, Quarantined, [1bb090d18811e6505c580308897b5fa1]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130632268529841202, Quarantined, [e1ea6df4bcdda492d8dc1cef9371c63a]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130632268529841202, Quarantined, [9a31fb66920741f5f8bcca41bc4860a0]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130632268529841202, Quarantined, [05c688d9b6e3ef47fbb9b3580afa847c]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr  |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130632268529841202, Quarantined, [68635f02c8d10531e7ce19f262a20ef2]
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [1bb0acb50e8b95a168778bbc966e17e9]
PUP.Optional.Taplika, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Taplika\\, Quarantined, [cdfecd945a3fa195a63ca564ac588b75]
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [d1fa233e58418da959869ea99b69df21]
PUP.Optional.CartWheelShopping, HKU\S-1-5-21-1249297947-423921045-933663465-1000\SOFTWARE\CARTWHEEL|lastkeywordsupdate, Quarantined, [f0db075a2e6b043267f82fa9bb48c739], 
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.NorthernThemesService, C:\Users\CMPDOWNEY\AppData\NTSFile, Quarantined, [2d9e93ce1188fb3bc5424aae57ac8878], 
 
Files: 5
PUP.Optional.CartWheelShopping, C:\Users\CMPDOWNEY\AppData\Roaming\Cartwheel\Cartwheel.dll, Quarantined, [7259154cbcddec4aeb03910afc06cd33], 
PUP.Optional.NorthernThemesService, C:\Users\CMPDOWNEY\AppData\NTSFile\db.ini, Quarantined, [2d9e93ce1188fb3bc5424aae57ac8878], 
PUP.Optional.NorthernThemesService, C:\Users\CMPDOWNEY\AppData\NTSFile\helper.dll, Quarantined, [2d9e93ce1188fb3bc5424aae57ac8878], 
PUP.Optional.NorthernThemesService, C:\Users\CMPDOWNEY\AppData\NTSFile\uninst.exe, Quarantined, [2d9e93ce1188fb3bc5424aae57ac8878], 
PUP.Optional.WebInstr, C:\Windows\System32\drivers\Msft_Kernel_webinstrNewH_01009.Wdf, Quarantined, [705b6cf51d7c26107ddb61aeb450ec14], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 17 February 2016 - 07:41 PM

Perfect :thumbup2:

 

Step1:
ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTAN: 1   Place ComboFix.exe on your Desktop
* IMPORTAN: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Step2:
Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#12 TheSentinel

TheSentinel
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 17 February 2016 - 09:38 PM

I'll try and get to this tomorrow



#13 TheSentinel

TheSentinel
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 18 February 2016 - 03:52 PM

ComboFix 16-02-15.01 - CMPDOWNEY 02/18/2016  12:02:35.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1992.379 [GMT -8:00]
Running from: c:\users\CMPDOWNEY\Desktop\ComboFix.exe
AV: Norton 360 Premier *Disabled/Outdated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton 360 Premier *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton 360 Premier *Disabled/Outdated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1887373585
c:\programdata\2355320829
c:\users\CMPDOWNEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
.
.
(((((((((((((((((((((((((   Files Created from 2016-01-18 to 2016-02-18  )))))))))))))))))))))))))))))))
.
.
2016-02-18 20:13 . 2016-02-18 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-18 20:08 . 2016-02-18 20:08 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85F24287-9866-4B56-B541-6DD9E5B9529C}\offreg.2988.dll
2016-02-18 20:07 . 2016-02-18 20:07 -------- d-----w- c:\users\CMPDOWNEY\AppData\Local\TempTaskUpdateDetectionA34DA482-C924-408A-A973-BB072008F418
2016-02-17 23:52 . 2016-02-18 19:53 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-17 23:52 . 2015-10-05 17:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-17 23:52 . 2015-10-05 17:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-17 23:52 . 2015-10-05 17:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-17 23:52 . 2016-02-17 23:52 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-02-17 23:52 . 2016-02-17 23:52 -------- d-----w- c:\programdata\Malwarebytes
2016-02-17 21:00 . 2016-02-17 21:01 202144 ----a-w- c:\windows\system32\drivers\zam64.sys
2016-02-17 21:00 . 2016-02-17 21:01 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2016-02-17 20:59 . 2016-02-17 21:01 202144 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2016-02-17 20:59 . 2016-02-17 20:59 -------- d-----w- c:\users\CMPDOWNEY\AppData\Local\Zemana
2016-02-17 20:49 . 2016-02-17 20:49 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85F24287-9866-4B56-B541-6DD9E5B9529C}\offreg.2728.dll
2016-02-16 18:08 . 2015-12-16 18:15 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85F24287-9866-4B56-B541-6DD9E5B9529C}\mpengine.dll
2016-02-10 19:16 . 2016-01-22 06:32 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-02-10 19:15 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-10 19:14 . 2015-12-20 18:50 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2016-02-10 19:14 . 2015-12-20 18:50 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 19:14 . 2015-12-20 14:08 243200 ----a-w- c:\windows\system32\rdpudd.dll
2016-02-10 19:14 . 2016-01-07 17:53 3211776 ----a-w- c:\windows\system32\win32k.sys
2016-02-10 19:14 . 2016-01-16 19:01 2085888 ----a-w- c:\windows\system32\ole32.dll
2016-02-10 19:14 . 2016-01-16 18:36 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2016-02-10 19:11 . 2016-01-22 06:12 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 19:09 . 2016-01-22 06:19 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-02-10 19:09 . 2016-01-22 05:19 3231232 ----a-w- c:\windows\explorer.exe
2016-02-10 19:09 . 2016-01-22 06:15 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-10 19:09 . 2016-01-22 06:12 1940992 ----a-w- c:\windows\system32\authui.dll
2016-02-10 19:09 . 2016-01-22 05:12 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-02-10 19:09 . 2016-01-22 05:59 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2016-02-10 19:09 . 2016-01-22 06:00 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-11 00:31 . 2013-04-24 10:36 146614896 ----a-w- c:\windows\system32\MRT.exe
2016-02-09 20:44 . 2012-04-13 07:11 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-09 20:44 . 2012-04-13 07:11 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-22 05:59 . 2016-02-10 19:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-01-21 18:33 . 2013-12-31 18:31 630992 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-12-10 03:58 . 2015-12-10 03:58 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2015-12-08 21:54 . 2016-01-12 18:51 902144 ----a-w- c:\windows\SysWow64\WMADMOD.DLL
2015-12-08 21:54 . 2016-01-12 18:51 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2015-12-08 21:54 . 2016-01-12 18:51 815616 ----a-w- c:\windows\SysWow64\WMADMOE.DLL
2015-12-08 21:54 . 2016-01-12 18:51 739328 ----a-w- c:\windows\SysWow64\WMSPDMOD.DLL
2015-12-08 21:54 . 2016-01-12 18:51 541184 ----a-w- c:\windows\SysWow64\WMVSDECD.DLL
2015-12-08 21:54 . 2016-01-12 18:51 740352 ----a-w- c:\windows\SysWow64\wmpmde.dll
2015-12-08 21:54 . 2016-01-12 18:51 665088 ----a-w- c:\windows\SysWow64\WMVXENCD.DLL
2015-12-08 21:54 . 2016-01-12 18:51 1568768 ----a-w- c:\windows\SysWow64\WMVENCOD.DLL
2015-12-08 21:54 . 2016-01-12 18:51 358400 ----a-w- c:\windows\SysWow64\WMVSENCD.DLL
2015-12-08 21:54 . 2016-01-12 18:51 1325056 ----a-w- c:\windows\SysWow64\WMSPDMOE.DLL
2015-12-08 21:54 . 2016-01-12 18:51 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-12-08 21:54 . 2016-01-12 18:51 154112 ----a-w- c:\windows\SysWow64\VIDRESZR.DLL
2015-12-08 21:53 . 2016-01-12 18:51 206848 ----a-w- c:\windows\SysWow64\RESAMPLEDMO.DLL
2015-12-08 21:53 . 2016-01-12 18:51 509952 ----a-w- c:\windows\SysWow64\qedit.dll
2015-12-08 21:53 . 2016-01-12 18:51 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-12-08 21:53 . 2016-01-12 18:51 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2015-12-08 21:53 . 2016-01-12 18:51 206848 ----a-w- c:\windows\SysWow64\qasf.dll
2015-12-08 21:53 . 2016-01-12 18:51 970240 ----a-w- c:\windows\SysWow64\msmpeg2adec.dll
2015-12-08 21:53 . 2016-01-12 18:51 829952 ----a-w- c:\windows\SysWow64\MSMPEG2ENC.DLL
2015-12-08 21:53 . 2016-01-12 18:51 241152 ----a-w- c:\windows\SysWow64\MPG4DECD.DLL
2015-12-08 21:53 . 2016-01-12 18:51 241152 ----a-w- c:\windows\SysWow64\MP43DECD.DLL
2015-12-08 21:53 . 2016-01-12 18:51 79872 ----a-w- c:\windows\SysWow64\MP3DMOD.DLL
2015-12-08 21:53 . 2016-01-12 18:51 415744 ----a-w- c:\windows\SysWow64\MP4SDECD.DLL
2015-12-08 21:53 . 2016-01-12 18:51 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-12-08 21:53 . 2016-01-12 18:51 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2015-12-08 21:53 . 2016-01-12 18:51 609280 ----a-w- c:\windows\SysWow64\MFWMAAEC.DLL
2015-12-08 21:53 . 2016-01-12 18:51 53248 ----a-w- c:\windows\SysWow64\mfvdsp.dll
2015-12-08 21:53 . 2016-01-12 18:51 4608 ----a-w- c:\windows\SysWow64\ksuser.dll
2015-12-08 21:53 . 2016-01-12 18:51 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-12-08 21:53 . 2016-01-12 18:51 489984 ----a-w- c:\windows\SysWow64\evr.dll
2015-12-08 21:53 . 2016-01-12 18:51 67584 ----a-w- c:\windows\SysWow64\devenum.dll
2015-12-08 21:53 . 2016-01-12 18:51 153600 ----a-w- c:\windows\SysWow64\COLORCNV.DLL
2015-12-08 21:53 . 2016-01-12 18:51 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2015-12-08 21:53 . 2016-01-12 18:51 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2015-12-08 21:53 . 2016-01-12 18:51 193536 ----a-w- c:\windows\SysWow64\ksproxy.ax
2015-12-08 21:52 . 2016-01-12 18:48 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-12-08 21:50 . 2016-01-12 18:51 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2015-12-08 19:07 . 2016-01-12 18:51 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-08 19:07 . 2016-01-12 18:51 1232896 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-08 19:07 . 2016-01-12 18:51 978944 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-08 19:07 . 2016-01-12 18:51 666112 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-08 19:07 . 2016-01-12 18:51 1153024 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-08 19:07 . 2016-01-12 18:51 1026048 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-08 19:07 . 2016-01-12 18:51 642048 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-08 19:07 . 2016-01-12 18:51 1955328 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-08 19:07 . 2016-01-12 18:51 1575424 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-08 19:07 . 2016-01-12 18:51 447488 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-08 19:07 . 2016-01-12 18:51 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-08 19:07 . 2016-01-12 18:51 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-12-08 19:07 . 2016-01-12 18:51 292352 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-08 19:07 . 2016-01-12 18:51 378880 ----a-w- c:\windows\system32\SysFxUI.dll
2015-12-08 19:07 . 2016-01-12 18:51 225792 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-08 19:07 . 2016-01-12 18:51 624640 ----a-w- c:\windows\system32\qedit.dll
2015-12-08 19:07 . 2016-01-12 18:51 1573888 ----a-w- c:\windows\system32\quartz.dll
2015-12-08 19:07 . 2016-01-12 18:51 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-12-08 19:07 . 2016-01-12 18:51 254464 ----a-w- c:\windows\system32\qasf.dll
2015-12-08 19:07 . 2016-01-12 18:51 1307136 ----a-w- c:\windows\system32\msmpeg2adec.dll
2015-12-08 19:07 . 2016-01-12 18:51 1160192 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-08 19:07 . 2016-01-12 18:51 4121600 ----a-w- c:\windows\system32\mf.dll
2015-12-08 19:07 . 2016-01-12 18:51 1010688 ----a-w- c:\windows\system32\mcmde.dll
2015-12-08 19:07 . 2016-01-12 18:51 653824 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-08 19:07 . 2016-01-12 18:51 484864 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-08 19:07 . 2016-01-12 18:51 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-12-08 19:07 . 2016-01-12 18:51 224768 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-08 19:07 . 2016-01-12 18:51 223744 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-08 19:07 . 2016-01-12 18:51 70144 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-08 19:07 . 2016-01-12 18:51 100864 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-08 19:07 . 2016-01-12 18:51 206848 ----a-w- c:\windows\system32\mfps.dll
2015-12-08 19:07 . 2016-01-12 18:51 5120 ----a-w- c:\windows\system32\ksuser.dll
2015-12-08 19:07 . 2016-01-12 18:51 632320 ----a-w- c:\windows\system32\evr.dll
2015-12-08 19:07 . 2016-01-12 18:48 405504 ----a-w- c:\windows\system32\gdi32.dll
2015-12-08 19:07 . 2016-01-12 18:51 189952 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-08 19:07 . 2016-01-12 18:51 76288 ----a-w- c:\windows\system32\devenum.dll
2015-12-08 19:07 . 2016-01-12 18:51 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-12-08 19:06 . 2016-01-12 18:51 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-12-08 19:06 . 2016-01-12 18:51 250880 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-08 19:04 . 2016-01-12 18:51 2048 ----a-w- c:\windows\system32\mferror.dll
2015-12-08 18:54 . 2016-01-12 18:51 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-08 18:12 . 2016-01-12 18:51 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-12-08 18:11 . 2016-01-12 18:51 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2015-12-02 21:18 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-01 17:54 223432 ----a-w- c:\users\CMPDOWNEY\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-01 17:54 223432 ----a-w- c:\users\CMPDOWNEY\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-01 17:54 223432 ----a-w- c:\users\CMPDOWNEY\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2012-02-07 636520]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-01-16 3774776]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\CMPDOWNEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - Admin-Printer (HP Officejet Pro 8600).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3B6E3HY905KC;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2016-1-21 195248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2013-11-15 6326584]
MySoftware NewsFlash.lnk - c:\program files (x86)\Common Files\MySoftware\Newsflsh.exe [2015-4-7 233472]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2014-1-16 1182536]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2013\QBW32.EXE -silent [2014-1-16 1185096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 DymoPnpService;DYMO PnP Service;c:\program files\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files\DYMO\DYMO Label Software\DymoPnpService.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\BASHDefs\20160125.001\BHDrvx64.sys;c:\program files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\BASHDefs\20160125.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1605050.00F\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\IPSDefs\20160207.001\IDSvia64.sys;c:\program files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\IPSDefs\20160207.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1605050.00F\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1605050.00F\SYMNETS.SYS [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\N360.exe;c:\program files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\N360.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe;c:\program files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 23:06 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 20:44]
.
2016-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-19 00:15]
.
2016-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-19 00:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-01 17:55 262344 ----a-w- c:\users\CMPDOWNEY\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-01 17:55 262344 ----a-w- c:\users\CMPDOWNEY\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-01 17:55 262344 ----a-w- c:\users\CMPDOWNEY\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-21 18:34 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-21 18:34 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-21 18:34 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-21 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-21 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-21 440600]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-05 13374568]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2016-01-26 12725488]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{97ED4836-916E-42A4-A390-024B76AD4981}: NameServer = 8.8.8.8,8.8.4.4
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - c:\users\CMPDOWNEY\Microsoft Office 15\root\office15\MSOSB.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DLSService - c:\program files\DYMO\DYMO Label Software\DLSService.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Adobe Acrobat 4.0 - c:\program files (x86)\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15;c:\program files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-02-18  12:18:45
ComboFix-quarantined-files.txt  2016-02-18 20:18
.
Pre-Run: 399,685,685,248 bytes free
Post-Run: 399,143,948,288 bytes free
.
- - End Of File - - 794729AC3A6B5759E9F7E95BE2303728
 
 
 
RogueKiller V11.0.12.0 (x64) [Feb 15 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : CMPDOWNEY [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/18/2016 12:46:00
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BridgeMP (system32\DRIVERS\bridge.sys) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\ComboFix\catchme.sys) -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721050CLA660 +++++
--- User ---
[MBR] 7524279e1627bf54d5310e698409a061
[BSP] f79bb5a13fa61f9ea5d1d45f955f06e2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20480 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 41945088 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 42149888 | Size: 456358 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: HP Officejet Pro 86 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Multiple Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: WD My Book 1230 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )
 


#14 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 18 February 2016 - 05:13 PM

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

=========================================================================

How is the machine running now and any issues ? Please let me know.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#15 TheSentinel

TheSentinel
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 18 February 2016 - 07:48 PM

This scan is takinga while, might not have it ill tonight or tomorrow.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users