Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Banner ads from adk2x interfering with websites


  • This topic is locked This topic is locked
35 replies to this topic

#1 myRiad_spartans

myRiad_spartans

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Midlands, United Kingdom
  • Local time:10:23 AM

Posted 21 March 2016 - 07:11 AM

Original thread: http://www.bleepingcomputer.com/forums/t/608357/banner-ads-from-adk2x-interfering-with-websites

I am getting ads from adk2x inferring with some of the websites that I visit. The ads take over ad spaces as well as parts of the website that are supposed to show videos. In a few cases the browser jumps to an adware website by itself. This problem affects some of the browsers but not all of them. The systems affected are:
◾Google Chrome on Windows 7 SP1 but not Internet Explorer 11
◾Microsoft Edge 20 on Windows 10 but not Firefox 44.0.2
◾Google Chromebook ChromeOS 49

I am connected to the Internet with a router from TalkTalk. The router is D-Link DSL-3680.

The main website affected is eharmony.co.uk. There is a link which says "View Our Safety Tips". There is a YouTube video underneath the link but on the affected systems this is replaced with banner ads. There was also some temporary problems on presstv.ir/Default/Live as well as videos on manic-expression.com.

I have used Security Check, Farbar Service Scanner, MiniToolBox, Malwarebytes Anti-Malware, Malwarebytes Anti-Rootkit and Rkill. I have not removed anything from the computers.

I will post the FRST log for Windows 7 here and then post the FRST log for Windows 10 in the following post. I do not know what to use to scan the Chromebook.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Marlene (administrator) on MARLENE-PC (21-03-2016 11:34:58)
Running from C:\Users\Marlene\Desktop
Loaded Profiles: Marlene (Available Profiles: Marlene & Kevin & Xbox Live Player & Mcx1-MARLENE-PC & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SDKs\Kinect\v1.0 Beta2\Service\KinectManagementService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Octoshape ApS) C:\Users\Marlene\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(CyberLink Corp.) C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe
() C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-12-18] (IDT, Inc.)
HKLM\...\Run: [EPSON Stylus DX4800 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIADE.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-13] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [612872 2014-01-03] (EasyBits Software AS)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-09-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [1858152 2012-03-30] (Microsoft Corp.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-19] (AVAST Software)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe [2089056 2015-04-14] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [Facebook Update] => C:\Users\Marlene\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-07-27] (Samsung)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Marlene\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\MountPoints2: {59270df1-9623-11e3-bdc8-00269e8ee64a} - F:\iStudio.exe
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
ShellExecuteHooks: - {E54729E8-643D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook64.dll [773192 2014-06-01] ()
ShellExecuteHooks-x32: - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook32.dll [484936 2014-06-01] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-04] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2013-03-10]
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Marlene\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 217.12.218.120 8.8.8.8
Tcpip\..\Interfaces\{0985480C-B9DE-442A-B6E8-415D3C5ED732}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}: [DhcpNameServer] 217.12.218.120 8.8.8.8
Tcpip\..\Interfaces\{4F281B08-AA12-4757-A18B-18345AAFA36F}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.yahoo.com/
URLSearchHook: HKU\S-1-5-21-3688857076-792490274-234704465-1001 - (No Name) - {f864ba3f-9878-458a-ba2b-dad32bcbc472} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0eSrcAs.dll (COMPANYVERS_NAME)
URLSearchHook: HKU\S-1-5-21-3688857076-792490274-234704465-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3688857076-792490274-234704465-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {AC3F49B1-2912-4F76-81AB-624EA7E8F491} URL = hxxp://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
SearchScopes: HKLM -> {C1D5EC18-B665-4AA3-ADFD-9E466629E6D1} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb
SearchScopes: HKLM -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {AC3F49B1-2912-4F76-81AB-624EA7E8F491} URL = hxxp://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
SearchScopes: HKLM-x32 -> {C1D5EC18-B665-4AA3-ADFD-9E466629E6D1} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb
SearchScopes: HKLM-x32 -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YUxdm002YYgb&ptb=7E29705A-5E77-480A-938A-22965BCCFE80&ind=2013030118&ptnrS=YUxdm002YYgb&si=translateye&n=77fc66e6&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {3F243AB0-5236-4FF5-8D2D-E67022440788} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\.DEFAULT -> {3F243AB0-5236-4FF5-8D2D-E67022440788} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> DefaultScope {98DA51C4-65D6-44F5-9ECE-F5B117EECDF2} URL = hxxps://www.google.co.uk/#q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {05664F42-5FBE-44D7-ADFA-F792611BFA68} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C014GB499D20151204&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {3BA0F500-9CAB-4921-A971-96BB46F4CE99} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C010GB0D19700101&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {3ED778CD-1535-4C54-9057-08339B99E0D7} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FTB&o=41648107&src=kw&q={searchTerms}&locale=&apn_ptnrs=9D&apn_dtid=YYYYYYYYGB&apn_uid=51A4C060-9097-4AB8-92E7-17394EBE8D78&apn_sauid=A6A8FCC4-9527-4A46-B1F5-13FBA4C6A6D3
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {95981329-F311-48AD-B02D-7540FB6F3276} URL = hxxp://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {98DA51C4-65D6-44F5-9ECE-F5B117EECDF2} URL = hxxps://www.google.co.uk/#q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {AC3F49B1-2912-4F76-81AB-624EA7E8F491} URL = hxxp://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {C1D5EC18-B665-4AA3-ADFD-9E466629E6D1} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YUxdm002YYgb&ptb=7E29705A-5E77-480A-938A-22965BCCFE80&ind=2011090505&ptnrS=YUxdm002YYgb&si=translateye&n=77dece49&psa=&st=sb&searchfor={searchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-04] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
BHO-x32: No Name -> {4cbfd6a0-f21b-4d52-bf56-c57a37625141} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-16] (Oracle Corporation)
BHO-x32: No Name -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> No File
BHO-x32: No Name -> {8ca6701f-b8e8-43b9-b206-b2a9ee3216cf} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-04] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: No Name -> {b81eac74-1eda-4e15-994e-76c38c1dee91} -> No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-16] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Toolbar: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> No Name - {8175E372-1FF1-4288-8E6E-ADDEBD415D47} - No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll [2015-01-17] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3688857076-792490274-234704465-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Marlene\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-3688857076-792490274-234704465-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Marlene\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3688857076-792490274-234704465-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marlene\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3688857076-792490274-234704465-1001: vates.com/ppo -> C:\Users\Marlene\AppData\Roaming\Mcafee Social Protection Beta\npppo.dll [2013-06-28] (McAfee)
FF Plugin ProgramFiles/Appdata: C:\Users\Marlene\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-05-11] (Octoshape ApS)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-04]

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxp://uk.yahoo.com/"
CHR Profile: C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Cast) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-19]
CHR Extension: (Avast SafePrice) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-23]
CHR Extension: (Avast Online Security) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-26]
CHR Extension: (Skype) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-04] (AVAST Software)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [151656 2012-03-30] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-25] (Dropbox, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
S2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-10] (WildTangent)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 KinectManagement; C:\Program Files\Microsoft SDKs\Kinect\v1.0 Beta2\Service\KinectManagementService.exe [131584 2011-09-24] (Microsoft Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-03-09] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-14] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 KinectCamera; C:\Windows\System32\Drivers\kinectcamera.sys [42880 2011-09-24] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-21 11:34 - 2016-03-21 11:37 - 00039833 _____ C:\Users\Marlene\Desktop\FRST.txt
2016-03-21 11:34 - 2016-03-21 11:34 - 00000000 ____D C:\FRST
2016-03-21 11:33 - 2016-03-21 11:34 - 02374144 _____ (Farbar) C:\Users\Marlene\Desktop\FRST64.exe
2016-03-21 10:43 - 2016-03-21 10:53 - 00002124 _____ C:\Users\Marlene\Desktop\Rkill.txt
2016-03-21 10:43 - 2016-03-21 10:43 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Marlene\Desktop\rkill.exe
2016-03-20 19:51 - 2016-03-20 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-20 17:20 - 2016-03-20 19:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-20 17:18 - 2016-03-20 19:56 - 00000000 ____D C:\Users\Marlene\Desktop\mbar
2016-03-20 17:16 - 2016-03-20 17:17 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Marlene\Desktop\mbar-1.09.3.1001.exe
2016-03-20 15:05 - 2016-03-20 15:06 - 00039084 _____ C:\Users\Marlene\Desktop\MTB.txt
2016-03-20 15:04 - 2016-03-20 15:04 - 00891392 _____ (Farbar) C:\Users\Marlene\Desktop\MiniToolBox.exe
2016-03-20 14:49 - 2016-03-20 14:49 - 00002517 _____ C:\Users\Marlene\Desktop\FSS.txt
2016-03-20 14:47 - 2016-03-20 14:48 - 00899584 _____ (Farbar) C:\Users\Marlene\Desktop\FSS.exe
2016-03-20 13:54 - 2016-03-20 13:55 - 00852798 _____ C:\Users\Marlene\Desktop\SecurityCheck.exe
2016-03-17 23:00 - 2016-03-17 23:03 - 36413909 _____ C:\Users\Kevin\v57_eng_d8hd.pdf
2016-03-17 22:57 - 2016-03-17 23:00 - 41843476 _____ C:\Users\Kevin\Downloads\v57_eng_asj9.zip
2016-03-15 22:33 - 2016-03-15 22:34 - 00000000 ____D C:\Users\Kevin\Desktop\New folder (3)
2016-03-15 17:08 - 2016-03-15 17:08 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\WordPress.com
2016-03-14 22:30 - 2016-03-14 22:39 - 17895341 _____ C:\Users\Kevin\Downloads\maksamaksa_am_207_44.rar
2016-03-14 20:27 - 2016-03-14 20:31 - 05861852 _____ C:\Users\Kevin\Downloads\DilBobJo2.zip
2016-03-14 14:08 - 2016-03-14 14:09 - 03073668 _____ C:\Users\Kevin\Downloads\Kirsty.zip
2016-03-14 12:30 - 2016-03-14 12:30 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\OpenOffice
2016-03-13 00:35 - 2016-03-13 00:38 - 08865365 _____ C:\Users\Kevin\Downloads\MelMad1.zip
2016-03-12 00:05 - 2016-03-12 00:08 - 07577309 _____ C:\Users\Kevin\Downloads\mtr4-982.zip
2016-03-11 19:17 - 2016-03-11 19:18 - 09567482 ____T C:\Users\Kevin\Documents\Order_233976-Priority_Entry_Weekend_Birmingham_CC_March_2016-2.prn
2016-03-11 19:14 - 2016-03-11 19:15 - 09571859 ____T C:\Users\Kevin\Documents\Order_233976-Priority_Entry_Weekend_Birmingham_CC_March_2016-1.prn
2016-03-10 22:05 - 2016-03-10 22:11 - 08153027 _____ C:\Users\Kevin\Downloads\mtr4-1025.zip
2016-03-10 19:41 - 2016-03-10 19:46 - 57382897 _____ C:\Users\Kevin\Downloads\SB Episode 62.zip
2016-03-10 19:07 - 2016-03-10 19:09 - 03633345 _____ C:\Users\Kevin\Downloads\mtr5-523.zip
2016-03-10 19:05 - 2016-03-11 01:47 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\WordPress.com
2016-03-10 19:03 - 2016-03-10 19:03 - 00001031 _____ C:\Users\Public\Desktop\WordPress.com.lnk
2016-03-10 19:03 - 2016-03-10 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPress.com
2016-03-10 19:01 - 2016-03-10 19:03 - 00000000 ____D C:\Program Files (x86)\WordPress.com
2016-03-10 18:55 - 2016-03-10 18:59 - 48906240 _____ C:\Users\Kevin\Downloads\wordpress-com-1-3-0-setup.exe
2016-03-10 17:32 - 2016-03-10 17:58 - 181649778 _____ C:\Users\Kevin\Downloads\MILF Carina.rar
2016-03-10 02:46 - 2015-10-04 21:15 - 275675198 ____N C:\Users\Kevin\Downloads\53.862-Chiakis_70_sticky_bukkake_from_hell_again.mp4
2016-03-10 00:56 - 2016-03-10 02:42 - 274668108 _____ C:\Users\Kevin\Downloads\53.862-Chiakis_70_sticky_bukkake_from_hell_again.rar
2016-03-09 18:11 - 2016-03-09 18:13 - 04498807 _____ C:\Users\Kevin\Downloads\GFTURE-378.zip
2016-03-09 00:38 - 2016-03-09 00:48 - 11545205 _____ C:\Users\Kevin\Downloads\GDTURE-960.zip
2016-03-08 20:48 - 2016-03-08 20:48 - 00519752 _____ C:\Users\Kevin\Downloads\MCM Expo Store - Order fulfilment #233976.zip
2016-03-08 16:59 - 2016-03-08 17:07 - 12174112 _____ C:\Users\Kevin\Downloads\GDTURE-1070.zip
2016-03-08 13:56 - 2016-03-08 14:02 - 12580104 _____ C:\Users\Kevin\Downloads\Jay1.zip
2016-03-07 22:42 - 2016-03-07 22:50 - 08992564 _____ C:\Users\Kevin\Downloads\Pearl1.zip
2016-03-07 16:31 - 2016-03-07 16:39 - 13615676 _____ C:\Users\Kevin\Downloads\GDTURE-990.zip
2016-03-07 13:46 - 2016-03-07 13:50 - 10320240 _____ C:\Users\Kevin\Downloads\young indian wife shama.wmv
2016-03-06 00:05 - 2016-03-06 00:09 - 10679247 _____ C:\Users\Kevin\Downloads\GDTURE-1035.zip
2016-03-05 22:57 - 2016-03-05 23:03 - 41924540 _____ C:\Users\Kevin\Downloads\KateDor2.zip
2016-03-04 17:17 - 2016-03-04 17:16 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-04 17:15 - 2016-03-04 17:15 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-03 15:05 - 2016-03-03 15:11 - 11214483 _____ C:\Users\Kevin\Downloads\Francesca2.zip
2016-03-03 13:58 - 2016-03-03 13:58 - 00000045 _____ C:\Users\Kevin\Documents\always remember, #gamergate is here forever!.txt
2016-03-03 13:24 - 2016-03-03 13:29 - 45410540 _____ C:\Users\Kevin\Downloads\Tamil call center bleeped by boss.mp4
2016-03-03 13:01 - 2016-03-03 13:03 - 10358977 _____ C:\Users\Kevin\Downloads\Alex2.zip
2016-03-03 12:54 - 2016-03-03 13:00 - 63080063 _____ C:\Users\Kevin\Downloads\Desi girl bleeped by foreigner.mp4
2016-03-02 23:58 - 2016-03-01 15:44 - 00000000 ____D C:\Users\Kevin\Downloads\maksamaksa_am_206_63
2016-03-02 23:48 - 2016-03-02 23:57 - 67353854 _____ C:\Users\Kevin\Downloads\maksamaksa_am_206_63.rar
2016-03-02 14:25 - 2016-03-02 15:22 - 569802129 _____ C:\Users\Kevin\Downloads\IndianHoreHouse.mp4
2016-03-01 16:48 - 2016-03-01 16:53 - 49679108 _____ C:\Users\Kevin\Downloads\02-27-2016 [9159].zip
2016-03-01 16:46 - 2016-03-01 16:50 - 37144362 _____ C:\Users\Kevin\Downloads\02-28-2016 [9162].zip
2016-03-01 13:43 - 2016-03-01 13:46 - 17143653 _____ C:\Users\Kevin\Downloads\Hillary6.zip
2016-02-29 21:18 - 2016-02-29 21:22 - 30248362 _____ C:\Users\Kevin\Downloads\original (1).mp4
2016-02-29 21:10 - 2016-02-29 21:15 - 33307406 _____ C:\Users\Kevin\Downloads\original.mp4
2016-02-29 20:48 - 2016-02-29 20:53 - 00000000 ____D C:\Users\Kevin\Desktop\Put in a dvd
2016-02-28 00:29 - 2016-02-28 00:33 - 14548652 _____ C:\Users\Kevin\Downloads\GDTURE-866.zip
2016-02-26 01:31 - 2016-02-26 01:31 - 06650416 _____ C:\Users\Kevin\Savita Bhabhi Episode 62.pdf
2016-02-26 01:19 - 2016-02-26 01:20 - 06417867 _____ C:\Users\Kevin\Savita Bhabhi Episode 61.pdf
2016-02-26 01:15 - 2016-02-26 01:15 - 06223778 _____ C:\Users\Kevin\Downloads\GETURE-920.zip
2016-02-25 11:55 - 2016-02-25 11:55 - 00000000 ____D C:\Users\Kevin\AppData\Local\{E6AB5F26-B5D2-4642-9A96-E167F8C8F4D4}
2016-02-25 00:59 - 2016-02-25 00:59 - 05168235 _____ C:\Users\Kevin\Downloads\02-24-2016 [9149].zip
2016-02-24 14:47 - 2016-02-24 14:53 - 35373291 _____ C:\Users\Kevin\Downloads\GDTURE-803.zip
2016-02-23 22:03 - 2016-02-23 22:05 - 11092351 _____ C:\Users\Kevin\Downloads\GDTURE-948.zip
2016-02-23 19:40 - 2016-02-23 19:43 - 12264506 _____ C:\Users\Kevin\Downloads\GDTURE-995.zip
2016-02-20 01:03 - 2016-02-20 01:05 - 04138252 _____ C:\Users\Kevin\Downloads\02-19-2016 [9133].zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-21 11:32 - 2010-01-12 19:23 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\Skype
2016-03-21 11:23 - 2012-03-30 01:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-21 11:13 - 2015-10-25 18:08 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-21 11:12 - 2016-01-23 00:32 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004UA.job
2016-03-21 11:06 - 2015-07-16 13:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-21 10:46 - 2011-07-07 21:54 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1001UA.job
2016-03-21 10:23 - 2012-04-06 23:01 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004UA.job
2016-03-21 10:12 - 2010-01-12 17:58 - 00000362 _____ C:\ProgramData\HPWALog.txt
2016-03-21 09:33 - 2009-07-14 04:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-21 09:33 - 2009-07-14 04:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-21 09:26 - 2015-10-25 18:19 - 00000000 ___RD C:\Users\Marlene\Dropbox
2016-03-21 09:26 - 2015-10-25 18:07 - 00000000 ____D C:\Users\Marlene\AppData\Local\Dropbox
2016-03-21 09:23 - 2009-09-25 08:46 - 00000292 _____ C:\ProgramData\hpqp.ini
2016-03-21 09:20 - 2015-10-25 18:08 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-21 09:20 - 2012-10-28 15:09 - 00000416 ____H C:\Windows\Tasks\OptimizerPro1UpdaterTask{0DE6A2E9-6F2D-4ED8-8341-4740F25B9981}.job
2016-03-21 09:20 - 2011-01-28 23:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-21 09:18 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-21 00:45 - 2010-01-13 16:35 - 00000021 _____ C:\ProgramData\hpqp.txt
2016-03-21 00:06 - 2015-10-10 17:08 - 00000000 ___RD C:\Users\Kevin\OneDrive
2016-03-21 00:03 - 2014-09-04 22:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-20 19:52 - 2015-10-25 18:07 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-20 17:20 - 2014-09-04 22:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-20 17:18 - 2014-09-04 22:19 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-20 16:46 - 2011-07-07 21:54 - 00000912 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1001Core.job
2016-03-20 16:23 - 2012-04-06 23:01 - 00000904 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004Core.job
2016-03-20 15:38 - 2014-09-04 22:19 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-20 15:38 - 2014-09-04 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-20 14:23 - 2009-07-14 05:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-20 14:23 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-03-19 23:16 - 2010-04-23 18:09 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype
2016-03-19 19:43 - 2010-01-12 19:23 - 00000000 ____D C:\ProgramData\Skype
2016-03-19 12:43 - 2012-07-14 14:59 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMarlene
2016-03-19 12:43 - 2012-07-14 14:59 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForMarlene.job
2016-03-17 23:12 - 2016-01-23 00:32 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004Core.job
2016-03-17 23:03 - 2010-01-16 20:26 - 00000000 ____D C:\Users\Kevin
2016-03-17 15:17 - 2015-02-19 16:08 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-15 00:19 - 2012-12-25 18:49 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 00:15 - 2012-01-30 12:17 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Firefighter 2
2016-03-11 20:20 - 2012-10-06 15:58 - 00000000 ____D C:\Users\Kevin\Kirtu
2016-03-10 23:52 - 2014-02-21 00:17 - 00002158 _____ C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-10 19:24 - 2012-03-30 01:41 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-10 19:24 - 2012-03-30 01:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-10 19:24 - 2011-06-05 23:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-10 18:45 - 2015-10-31 01:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-10 18:06 - 2013-07-25 22:58 - 00000000 ____D C:\Windows\system32\MRT
2016-03-10 17:02 - 2010-01-12 18:13 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 17:53 - 2015-02-19 16:08 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-09 17:53 - 2015-02-19 16:08 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-09 00:51 - 2015-10-20 14:26 - 00000000 ____D C:\Users\Kevin\New folder
2016-03-04 17:21 - 2015-02-19 16:08 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-03-04 17:20 - 2015-02-19 16:08 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-03-04 17:16 - 2015-02-19 16:08 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-04 17:16 - 2015-02-19 16:08 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-04 17:16 - 2015-02-19 16:08 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-04 17:16 - 2015-02-19 16:08 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-29 21:10 - 2015-12-07 15:29 - 00000000 ____D C:\Users\Kevin\Downloads\Nandini
2016-02-29 20:44 - 2010-01-19 17:01 - 00000000 ____D C:\Users\Xbox Live Player\AppData\Roaming\Skype
2016-02-28 22:47 - 2016-01-09 20:17 - 00000000 ____D C:\Users\Kevin\Downloads\Vika C
2016-02-23 12:47 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2011-03-06 21:18 - 2011-06-19 20:30 - 0001854 _____ () C:\Users\Marlene\AppData\Roaming\GhostObjGAFix.xml
2010-03-14 13:45 - 2015-07-26 16:31 - 0019486 _____ () C:\Users\Marlene\AppData\Roaming\wklnhst.dat
2010-01-12 17:58 - 2010-01-12 17:58 - 0000000 _____ () C:\Users\Marlene\AppData\Local\AtStart.txt
2010-12-06 21:51 - 2015-06-29 16:42 - 0041472 _____ () C:\Users\Marlene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-01-12 17:58 - 2010-01-12 17:58 - 0000000 _____ () C:\Users\Marlene\AppData\Local\DSwitch.txt
2010-01-12 17:58 - 2010-01-12 17:58 - 0000000 _____ () C:\Users\Marlene\AppData\Local\QSwitch.txt
2010-11-01 16:20 - 2010-11-01 16:20 - 0000017 _____ () C:\Users\Marlene\AppData\Local\resmon.resmoncfg
2009-09-25 08:46 - 2016-03-21 09:23 - 0000292 _____ () C:\ProgramData\hpqp.ini
2010-01-13 16:35 - 2016-03-21 00:45 - 0000021 _____ () C:\ProgramData\hpqp.txt
2010-01-12 17:58 - 2016-03-21 10:12 - 0000362 _____ () C:\ProgramData\HPWALog.txt
2009-09-25 08:48 - 2009-09-25 08:48 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-14 20:16 - 2009-08-14 20:16 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-09-25 08:47 - 2009-09-25 08:47 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-14 20:10 - 2009-08-14 20:12 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-09-25 08:46 - 2009-09-25 08:46 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-09-25 08:47 - 2009-09-25 08:47 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-14 20:10 - 2009-08-14 20:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-14 20:12 - 2009-08-14 20:16 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-09-25 08:48 - 2009-09-25 08:48 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some files in TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8jidyr.dll
C:\Users\Kevin\AppData\Local\Temp\GURC9EF.exe
C:\Users\Kevin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kevin\AppData\Local\Temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-27 23:55

==================== End of FRST.txt ============================


Edited by myRiad_spartans, 21 March 2016 - 07:28 AM.


BC AdBot (Login to Remove)

 


#2 myRiad_spartans

myRiad_spartans
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Midlands, United Kingdom
  • Local time:10:23 AM

Posted 21 March 2016 - 07:26 AM

Windows 10

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by PRE-SETUP (administrator) on LAPTOP-7CF34RBE (21-03-2016 11:57:15)
Running from C:\Users\PRE-SETUP\Desktop
Loaded Profiles: PRE-SETUP (Available Profiles: PRE-SETUP)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
() C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Dashlane SAS) C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(SweetLabs, Inc) C:\Users\PRE-SETUP\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\asww10mon.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\PRE-SETUP\AppData\Local\Viber\Viber.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.17801.0_x64__8wekyb3d8bbwe\Video.UI.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [EPSON Stylus DX4800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIADE.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-11-23] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-18] (AVAST Software)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-03-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-03-24] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-08-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-369262057-2122486650-276410892-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-369262057-2122486650-276410892-1001\...\Run: [Viber] => C:\Users\PRE-SETUP\AppData\Local\Viber\Viber.exe [59170864 2016-02-15] ()
HKU\S-1-5-21-369262057-2122486650-276410892-1001\...\RunOnce: [Uninstall C:\Users\PRE-SETUP\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PRE-SETUP\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-369262057-2122486650-276410892-1001\...\RunOnce: [Uninstall C:\Users\PRE-SETUP\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PRE-SETUP\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-369262057-2122486650-276410892-1001\...\RunOnce: [Uninstall C:\Users\PRE-SETUP\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PRE-SETUP\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-12] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.12.218.120 8.8.8.8
Tcpip\..\Interfaces\{45819615-9a1d-453f-a7ad-2186f40dfdd7}: [DhcpNameServer] 217.12.218.120 8.8.8.8
Tcpip\..\Interfaces\{a3471dda-0a52-4a18-8e5e-dc0cf2b14bea}: [DhcpNameServer] 40.31.1.55

Internet Explorer:
==================
HKU\S-1-5-21-369262057-2122486650-276410892-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer15.msn.com/?pc=ACTE
HKU\S-1-5-21-369262057-2122486650-276410892-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-369262057-2122486650-276410892-1001 -> DefaultScope {5F838151-5618-4E60-AC7D-FEE545400769} URL =
SearchScopes: HKU\S-1-5-21-369262057-2122486650-276410892-1001 -> {5F838151-5618-4E60-AC7D-FEE545400769} URL =
SearchScopes: HKU\S-1-5-21-369262057-2122486650-276410892-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-12] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-28] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-12] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-28] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-12-02] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-12-02] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\PRE-SETUP\AppData\Roaming\Mozilla\Firefox\Profiles\xutp6xd3.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-21] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-28] (Oracle Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Amazon Assistant for Firefox - C:\Users\PRE-SETUP\AppData\Roaming\Mozilla\Firefox\Profiles\xutp6xd3.default\Extensions\abb@amazon.com.xpi [2016-02-11]
FF Extension: English (GB) Language Pack - C:\Users\PRE-SETUP\AppData\Roaming\Mozilla\Firefox\Profiles\xutp6xd3.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2016-02-04]
FF Extension: English (US) Language Pack - C:\Users\PRE-SETUP\AppData\Roaming\Mozilla\Firefox\Profiles\xutp6xd3.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2016-02-04]
FF Extension: British English Dictionary (Forked by Marco Pinto) - C:\Users\PRE-SETUP\AppData\Roaming\Mozilla\Firefox\Profiles\xutp6xd3.default\Extensions\marcoagpinto@mail.telepac.pt [2016-02-28]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-12]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amazon 1Button App Service; c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [315472 2015-06-28] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-12] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)
R2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [75056 2015-06-24] (Dashlane SAS)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370064 2016-01-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [157928 2015-12-02] (McAfee, Inc.)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [398176 2015-07-09] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-09] (Acer Incorporated)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [445240 2015-04-30] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [251232 2015-09-14] (acer)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-03-22] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-12] (AVAST Software)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [132360 2015-06-15] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21344 2015-07-09] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [183584 2015-06-12] (Intel Corporation)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
S3 Qcamain; C:\Windows\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.)
R3 Qcamain10x64; C:\Windows\system32\DRIVERS\Qcamain10x64.sys [2327344 2015-06-28] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14688 2015-07-09] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [51368 2015-05-11] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-21 11:57 - 2016-03-21 11:57 - 00022408 _____ C:\Users\PRE-SETUP\Desktop\FRST.txt
2016-03-21 11:57 - 2016-03-21 11:57 - 00000000 ____D C:\FRST
2016-03-21 11:54 - 2016-03-21 11:54 - 02374144 _____ (Farbar) C:\Users\PRE-SETUP\Desktop\FRST64.exe
2016-03-21 11:54 - 2016-03-21 11:54 - 00016148 _____ C:\Windows\system32\LAPTOP-7CF34RBE_PRE-SETUP_HistoryPrediction.bin
2016-03-21 11:43 - 2016-03-21 11:49 - 02374144 _____ (Farbar) C:\Users\PRE-SETUP\Downloads\FRST64.exe
2016-03-21 10:50 - 2016-03-21 10:50 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\PRE-SETUP\Desktop\rkill.exe
2016-03-20 16:19 - 2016-03-20 16:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-20 16:16 - 2016-03-20 16:57 - 00000000 ____D C:\Users\PRE-SETUP\Desktop\mbar
2016-03-20 16:13 - 2016-03-20 16:16 - 16563352 _____ (Malwarebytes Corp.) C:\Users\PRE-SETUP\Downloads\mbar-1.09.3.1001.exe
2016-03-20 15:05 - 2016-03-20 15:05 - 00029634 _____ C:\Users\PRE-SETUP\Desktop\MTB.txt
2016-03-20 15:03 - 2016-03-20 15:04 - 00891392 _____ (Farbar) C:\Users\PRE-SETUP\Desktop\MiniToolBox.exe
2016-03-20 14:50 - 2016-03-20 14:50 - 00002794 _____ C:\Users\PRE-SETUP\Desktop\FSS.txt
2016-03-20 14:48 - 2016-03-20 14:49 - 00899584 _____ (Farbar) C:\Users\PRE-SETUP\Desktop\FSS.exe
2016-03-20 14:14 - 2016-03-20 14:17 - 00852798 _____ C:\Users\PRE-SETUP\Desktop\SecurityCheck.exe
2016-03-18 11:06 - 2016-03-18 11:06 - 00003040 _____ C:\Windows\System32\Tasks\avast! Windows 10 Start Menu helper
2016-03-11 19:15 - 2016-02-23 10:48 - 21859840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-03-11 19:14 - 2016-02-23 14:53 - 01314496 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-11 19:14 - 2016-02-23 14:52 - 00858408 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-03-11 19:14 - 2016-02-23 14:51 - 00633184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-03-11 19:14 - 2016-02-23 14:51 - 00146784 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2016-03-11 19:14 - 2016-02-23 14:50 - 00630160 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-03-11 19:14 - 2016-02-23 14:48 - 08022368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-11 19:14 - 2016-02-23 14:48 - 01294352 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-03-11 19:14 - 2016-02-23 14:48 - 01123952 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-03-11 19:14 - 2016-02-23 14:41 - 01150816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-11 19:14 - 2016-02-23 14:41 - 00299600 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-11 19:14 - 2016-02-23 14:41 - 00078040 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2016-03-11 19:14 - 2016-02-23 14:40 - 00110584 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2016-03-11 19:14 - 2016-02-23 14:38 - 00272752 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2016-03-11 19:14 - 2016-02-23 14:36 - 00080128 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2016-03-11 19:14 - 2016-02-23 14:11 - 00781984 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-11 19:14 - 2016-02-23 14:11 - 00658784 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-03-11 19:14 - 2016-02-23 14:11 - 00103776 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-03-11 19:14 - 2016-02-23 14:08 - 03622272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-11 19:14 - 2016-02-23 14:07 - 22322624 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-11 19:14 - 2016-02-23 13:39 - 00607416 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-03-11 19:14 - 2016-02-23 13:30 - 01643872 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-03-11 19:14 - 2016-02-23 13:25 - 01085632 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-11 19:14 - 2016-02-23 13:23 - 00952968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-11 19:14 - 2016-02-23 13:21 - 00529456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-03-11 19:14 - 2016-02-23 13:21 - 00141152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2016-03-11 19:14 - 2016-02-23 13:11 - 00249976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-11 19:14 - 2016-02-23 13:11 - 00073360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
2016-03-11 19:14 - 2016-02-23 13:11 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll
2016-03-11 19:14 - 2016-02-23 13:09 - 00229352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2016-03-11 19:14 - 2016-02-23 13:06 - 00069232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2016-03-11 19:14 - 2016-02-23 12:58 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-03-11 19:14 - 2016-02-23 12:50 - 00395264 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-03-11 19:14 - 2016-02-23 12:50 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\NetCfgNotifyObjectHost.exe
2016-03-11 19:14 - 2016-02-23 12:42 - 00658536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-11 19:14 - 2016-02-23 12:42 - 00467296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-03-11 19:14 - 2016-02-23 12:42 - 00078176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-03-11 19:14 - 2016-02-23 12:39 - 02879024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-11 19:14 - 2016-02-23 12:38 - 20858360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-03-11 19:14 - 2016-02-23 12:35 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-11 19:14 - 2016-02-23 12:20 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-03-11 19:14 - 2016-02-23 12:17 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-03-11 19:14 - 2016-02-23 12:16 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-11 19:14 - 2016-02-23 12:15 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-03-11 19:14 - 2016-02-23 12:15 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-11 19:14 - 2016-02-23 11:59 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll
2016-03-11 19:14 - 2016-02-23 11:59 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-03-11 19:14 - 2016-02-23 11:57 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-03-11 19:14 - 2016-02-23 11:55 - 24592896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-11 19:14 - 2016-02-23 11:45 - 12504576 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-11 19:14 - 2016-02-23 11:45 - 06788608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-11 19:14 - 2016-02-23 11:42 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-03-11 19:14 - 2016-02-23 11:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-11 19:14 - 2016-02-23 11:38 - 02663424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-03-11 19:14 - 2016-02-23 11:37 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe
2016-03-11 19:14 - 2016-02-23 11:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-03-11 19:14 - 2016-02-23 11:25 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-11 19:14 - 2016-02-23 11:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-11 19:14 - 2016-02-23 11:17 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2016-03-11 19:14 - 2016-02-23 11:17 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2016-03-11 19:14 - 2016-02-23 11:14 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-03-11 19:14 - 2016-02-23 11:08 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2016-03-11 19:14 - 2016-02-23 11:04 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2016-03-11 19:14 - 2016-02-23 11:03 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2016-03-11 19:14 - 2016-02-23 11:03 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-11 19:14 - 2016-02-23 11:02 - 03587584 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-03-11 19:14 - 2016-02-23 10:55 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-11 19:14 - 2016-02-23 10:55 - 14241792 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-11 19:14 - 2016-02-23 10:51 - 00915456 _____ (Microsoft Corporation) C:\Windows\system32\configurationclient.dll
2016-03-11 19:14 - 2016-02-23 10:51 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\scapi.dll
2016-03-11 19:14 - 2016-02-23 10:48 - 05157376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-11 19:14 - 2016-02-23 10:46 - 00400384 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2016-03-11 19:14 - 2016-02-23 10:45 - 01844736 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2016-03-11 19:14 - 2016-02-23 10:45 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2016-03-11 19:14 - 2016-02-23 10:45 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-11 19:14 - 2016-02-23 10:45 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-11 19:14 - 2016-02-23 10:44 - 01821696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-03-11 19:14 - 2016-02-23 10:38 - 07524864 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-03-11 19:14 - 2016-02-23 10:29 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2016-03-11 19:14 - 2016-02-23 10:17 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2016-03-11 19:14 - 2016-02-23 10:17 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-11 19:14 - 2016-02-23 10:11 - 12589056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-11 19:14 - 2016-02-23 10:03 - 01495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2016-03-11 19:14 - 2016-02-23 10:00 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-11 19:14 - 2016-02-23 10:00 - 05457408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-03-11 19:14 - 2016-02-23 09:58 - 18800640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-03-11 19:14 - 2016-01-31 06:25 - 01951872 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-11 19:14 - 2016-01-31 06:25 - 01248896 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-03-11 19:14 - 2016-01-31 06:24 - 01824880 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-11 19:14 - 2016-01-31 06:23 - 02601160 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-03-11 19:14 - 2016-01-31 06:23 - 01420392 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-03-11 19:14 - 2016-01-31 06:06 - 01535032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-11 19:14 - 2016-01-31 06:06 - 01531368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-11 19:14 - 2016-01-31 06:06 - 00809336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-03-11 19:14 - 2016-01-31 06:04 - 01811360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-03-11 19:14 - 2016-01-31 06:04 - 01180696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-03-11 19:14 - 2016-01-31 05:34 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\ngckeyenum.dll
2016-03-11 19:14 - 2016-01-31 05:33 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\IoTAssignedAccessLockFramework.dll
2016-03-11 19:14 - 2016-01-31 05:29 - 11557888 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-03-11 19:14 - 2016-01-31 05:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2016-03-11 19:14 - 2016-01-31 05:26 - 03793408 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-03-11 19:14 - 2016-01-31 05:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-03-11 19:14 - 2016-01-31 05:25 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-03-11 19:14 - 2016-01-31 05:24 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-11 19:14 - 2016-01-31 05:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-11 19:14 - 2016-01-31 05:23 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-03-11 19:14 - 2016-01-31 05:22 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2016-03-11 19:14 - 2016-01-31 05:20 - 02849792 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-11 19:14 - 2016-01-31 05:19 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-11 19:14 - 2016-01-31 05:19 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\NetworkDesktopSettings.dll
2016-03-11 19:14 - 2016-01-31 05:19 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-03-11 19:14 - 2016-01-31 05:18 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-03-11 19:14 - 2016-01-31 05:17 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-03-11 19:14 - 2016-01-31 05:16 - 09889280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-03-11 19:14 - 2016-01-31 05:16 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-11 19:14 - 2016-01-31 05:13 - 04791808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-11 19:14 - 2016-01-31 05:13 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2016-03-11 19:14 - 2016-01-31 05:13 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\ztrace_maps.dll
2016-03-11 19:14 - 2016-01-31 05:11 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-11 19:14 - 2016-01-31 05:11 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-03-11 19:14 - 2016-01-31 05:11 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-03-11 19:14 - 2016-01-31 05:06 - 02316800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-11 19:14 - 2016-01-31 05:05 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-11 19:14 - 2016-01-31 05:05 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-03-11 19:14 - 2016-01-31 05:04 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-03-11 19:14 - 2016-01-31 05:02 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-11 19:14 - 2016-01-31 05:02 - 00768000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-11 19:14 - 2016-01-31 04:58 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ztrace_maps.dll
2016-02-29 18:52 - 2016-02-29 18:52 - 00001917 _____ C:\Malwarebytes scan results 29_02_2016.txt
2016-02-29 18:29 - 2016-02-29 18:29 - 00000027 _____ C:\Users\PRE-SETUP\Desktop\TalkTalk DNS.txt
2016-02-29 18:23 - 2016-03-20 16:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-29 18:23 - 2016-03-20 16:16 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-29 18:23 - 2016-02-29 18:23 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-29 18:23 - 2016-02-29 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-29 18:23 - 2016-02-29 18:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-29 18:23 - 2016-02-29 18:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-29 18:23 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-29 18:23 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-29 18:20 - 2016-02-29 18:22 - 22908888 _____ (Malwarebytes ) C:\Users\PRE-SETUP\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-28 22:20 - 2016-02-28 22:20 - 00000000 ____D C:\Users\PRE-SETUP\AppData\Roaming\Sun
2016-02-28 22:20 - 2016-02-28 22:20 - 00000000 ____D C:\Users\PRE-SETUP\AppData\LocalLow\Sun
2016-02-28 22:20 - 2016-02-28 22:20 - 00000000 ____D C:\Users\PRE-SETUP\.oracle_jre_usage
2016-02-28 22:19 - 2016-02-28 22:46 - 00000000 ____D C:\ProgramData\Oracle
2016-02-28 22:19 - 2016-02-28 22:19 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-28 22:19 - 2016-02-28 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-28 22:19 - 2016-02-28 22:19 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-28 22:13 - 2016-02-28 22:13 - 00735328 _____ (Oracle Corporation) C:\Users\PRE-SETUP\Downloads\JavaSetup8u73.exe
2016-02-28 22:13 - 2016-02-28 22:13 - 00000000 ____D C:\Users\PRE-SETUP\AppData\LocalLow\Oracle
2016-02-28 18:00 - 2016-02-28 18:01 - 00000000 ____D C:\Users\PRE-SETUP\Desktop\Chinese New Year 2016 Videos
2016-02-23 15:16 - 2016-02-23 15:16 - 00000000 ____D C:\Users\PRE-SETUP\AppData\Roaming\EPSON
2016-02-22 20:23 - 2016-03-21 10:55 - 00000000 ____D C:\Users\PRE-SETUP\AppData\Local\Viber
2016-02-21 21:55 - 2016-02-21 21:58 - 01190608 _____ (Adobe Systems Incorporated) C:\Users\PRE-SETUP\Downloads\flashplayer20_ha_install(1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-21 11:41 - 2015-12-26 02:03 - 00000000 ____D C:\Users\PRE-SETUP\AppData\Roaming\ViberPC
2016-03-21 11:41 - 2015-12-26 01:44 - 00000000 ____D C:\Users\PRE-SETUP\AppData\Roaming\Skype
2016-03-21 10:50 - 2016-02-04 12:00 - 00004172 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1823A7E3-9291-49F8-A668-23BBDEBD3FF5}
2016-03-21 10:48 - 2015-11-23 23:55 - 00000000 ____D C:\Users\PRE-SETUP\AppData\Local\Host App Service
2016-03-21 10:46 - 2015-11-23 23:55 - 00000000 __SHD C:\Users\PRE-SETUP\IntelGraphicsProfiles
2016-03-21 10:46 - 2015-11-23 23:53 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-20 17:19 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\rescache
2016-03-19 13:05 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\AppReadiness
2016-03-19 13:01 - 2015-07-10 12:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-18 21:20 - 2015-11-23 23:55 - 00000000 ____D C:\Users\PRE-SETUP
2016-03-18 21:10 - 2015-07-16 03:28 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-18 21:08 - 2015-07-10 12:20 - 00224256 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-18 21:07 - 2015-07-10 09:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-18 21:06 - 2015-07-10 13:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-18 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-18 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-18 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-18 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-18 21:06 - 2015-07-10 11:02 - 00000000 ____D C:\Windows\INF
2016-03-18 11:08 - 2015-07-10 11:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-11 20:29 - 2015-12-26 13:14 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-11 20:29 - 2015-12-26 13:14 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-11 20:00 - 2015-07-10 10:55 - 00000000 ____D C:\Windows\CbsTemp
2016-03-11 19:54 - 2016-01-30 18:06 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-11 19:54 - 2016-01-30 18:06 - 00000000 ____D C:\Windows\system32\MRT
2016-03-11 19:17 - 2015-07-16 04:18 - 00000000 ____D C:\Windows\Panther
2016-03-11 18:42 - 2015-11-23 23:58 - 00002379 _____ C:\Users\PRE-SETUP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-11 18:42 - 2015-11-23 23:58 - 00000000 ___RD C:\Users\PRE-SETUP\OneDrive
2016-03-09 15:40 - 2016-01-02 15:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-08 07:10 - 2015-07-10 11:06 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 07:10 - 2015-07-10 11:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-07 13:41 - 2015-12-26 13:14 - 00004280 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-07 13:35 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-05 10:40 - 2016-01-02 15:49 - 00000000 ____D C:\Users\PRE-SETUP\Desktop\HC-One Touchstone Documents
2016-02-29 18:36 - 2015-12-26 01:43 - 00000000 ____D C:\ProgramData\Skype
2016-02-25 22:27 - 2015-12-26 13:14 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-02-23 15:32 - 2015-07-16 03:31 - 00875126 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-21 21:59 - 2016-01-02 13:53 - 00000000 ____D C:\Users\PRE-SETUP\AppData\Local\Adobe

==================== Files in the root of some directories =======

2015-09-16 21:28 - 2015-09-16 21:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\PRE-SETUP\AppData\Local\Temp\McCSPInstall.dll
C:\Users\PRE-SETUP\AppData\Local\Temp\mccspuninstall.exe
C:\Users\PRE-SETUP\AppData\Local\Temp\oct159B.tmp.exe
C:\Users\PRE-SETUP\AppData\Local\Temp\oct1CB8.tmp.exe
C:\Users\PRE-SETUP\AppData\Local\Temp\octE4A.tmp.exe
C:\Users\PRE-SETUP\AppData\Local\Temp\octEEB2.tmp.exe
C:\Users\PRE-SETUP\AppData\Local\Temp\octEF14.tmp.exe
C:\Users\PRE-SETUP\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-18 11:25

==================== End of FRST.txt ============================



#3 satchfan

satchfan

  • Malware Response Team
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 21 March 2016 - 11:34 AM

Hello myRiad_spartans and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

 

Let's deal with one thing at a time.

 

We'll concentrate on the Windows 7 PC first.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan


Edited by satchfan, 21 March 2016 - 11:38 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#4 myRiad_spartans

myRiad_spartans
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Midlands, United Kingdom
  • Local time:10:23 AM

Posted 22 March 2016 - 11:00 AM

I will follow the instructions on the Windows 7 machine. While you wait for me to post all of the logs I need to point out the possibility that the router could be infected. Someone has mentioned this to TalkTalk (my ISP) but have not given a detailed explanation on how the issue was resolved. You can read about it here: http://community.talktalk.co.uk/t5/Unlimited-Broadband/router-infected/m-p/1740535#M603108



#5 myRiad_spartans

myRiad_spartans
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Midlands, United Kingdom
  • Local time:10:23 AM

Posted 22 March 2016 - 11:04 AM

Windows 7

 

AdwCleaner[S1].txt

 

# AdwCleaner v5.105 - Logfile created 22/03/2016 at 15:03:53
# Updated 21/03/2016 by Xplode
# Database : 2016-03-21.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Marlene - MARLENE-PC
# Running from : C:\Users\Marlene\Desktop\adwcleaner_5.105.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\DAP
Folder Found : C:\Program Files (x86)\myfree codec
Folder Found : C:\Program Files (x86)\CieoNetUtilities_0e
Folder Found : C:\Program Files (x86)\CieoNetUtilities_0eEI
Folder Found : C:\Program Files (x86)\Common Files\Speedbit
Folder Found : C:\Program Files\Common Files\Speedbit
Folder Found : C:\ProgramData\Speedbit
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found : C:\Users\Kevin\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Kevin\AppData\LocalLow\CieoNetUtilities_0e
Folder Found : C:\Users\Kevin\AppData\Roaming\Coupons
Folder Found : C:\Users\Marlene\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Marlene\AppData\LocalLow\CieoNetUtilities_0e
Folder Found : C:\Users\Marlene\AppData\LocalLow\CieoNetUtilities_0eEI
Folder Found : C:\Users\Marlene\AppData\Roaming\One System Care
Folder Found : C:\Users\Marlene\AppData\Roaming\Speedbit
Folder Found : C:\Users\Xbox Live Player\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Xbox Live Player\AppData\LocalLow\CieoNetUtilities_0e
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Files ] *****

File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_safesearch.raaz.io_0.localstorage
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_safesearch.raaz.io_0.localstorage-journal
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage-journal
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdncache-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_driverupdate.net_0.localstorage
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_driverupdate.net_0.localstorage-journal
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_hdvshare.com_0.localstorage
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_hdvshare.com_0.localstorage-journal
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage-journal
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_servedse.dealply.com_0.localstorage
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_servedse.dealply.com_0.localstorage-journal
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bleepcrawler.com_0.localstorage
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bleepcrawler.com_0.localstorage-journal
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.sx_0.localstorage
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.sx_0.localstorage-journal
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
File Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

Task Found : Scheduled Update for Ask Toolbar
Task Found : OptimizerPro1UpdaterTask{0DE6A2E9-6F2D-4ED8-8341-4740F25B9981}
Task Found : OptimizerPro1UpdaterTask{0DE6A2E9-6F2D-4ED8-8341-4740F25B9981}

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CieoNetUtilities_0ebar Uninstall
Key Found : HKLM\SOFTWARE\Classes\Applications\iLividSetup.exe
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.DynamicBarButton
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.DynamicBarButton.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.FeedManager
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.FeedManager.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.HTMLMenu
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.HTMLMenu.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.HTMLPanel
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.HTMLPanel.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.MultipleButton
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.MultipleButton.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.PseudoTransparentPlugin
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.PseudoTransparentPlugin.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.Radio
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.Radio.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.RadioSettings
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.RadioSettings.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.ScriptButton
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.ScriptButton.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.SettingsPlugin
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.SettingsPlugin.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.ThirdPartyInstaller
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.ThirdPartyInstaller.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.ToolbarPlugin
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.ToolbarPlugin.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.UrlAlertButton
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.UrlAlertButton.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.XMLSessionPlugin
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.XMLSessionPlugin.1
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0eInstaller.Start
Key Found : HKLM\SOFTWARE\Classes\CieoNetUtilities_0eInstaller.Start.1
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKCU\Software\Classes\CLSID\{f864ba3f-9878-458a-ba2b-dad32bcbc472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98EE749F-A86F-4C48-8007-4B47F5657936}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{07e92310-4028-4869-abe8-3b94fd5e317f}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0b08513a-0187-4746-93dc-dedae21b8ab2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10ca037d-2e29-436b-a2c3-538c81d74aa7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1b3cf572-0d15-4e95-bd03-c59a653b30cd}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{227c2234-107f-41d3-8be5-7f9180e7dd6c}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{23bcc7f2-0782-4d1f-af18-75dc5e7ea3f1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4d9e6a3f-f05d-4f96-a826-87c38aec5599}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EC936E8-224E-41AB-8A5D-E5D62EB3B6F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{719a0e21-6b15-468e-b4d8-d453c3ee5aab}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98ee749f-a86f-4c48-8007-4b47f5657936}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9be25e48-df8d-475a-9939-a6716ee36d79}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{a5796feb-f4ab-43d2-8143-5dcff93dc172}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{b44f5f55-d0df-4722-be85-08d5d9539a8d}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{b685a84a-acbe-43b0-b4bc-464068ffd11a}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{c0ccafac-ea0a-4e33-8a94-51a25453a40e}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{c5818d18-4d28-4e42-bde6-1460f5d29628}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{d0aceac7-b205-4a51-804b-53ba679ab30b}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{d373ce79-0fa5-493c-808b-176fa5eef7c8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{dbb281f1-59b4-44de-91c4-00286c52b9ab}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{e2d12817-fbc7-41ee-8835-20e4de3ca5d9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{f51c5954-93cc-468c-bf62-d7ad2df5e6f9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0E6A5ADB-B294-4B4F-81D3-3F7DF3FA7A2E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1C4CB152-4A39-454E-8355-DA786E41FED3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1E037492-2389-47CB-9E6B-E09AE6A67682}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1FF07ED0-5C5F-4361-8156-AFF9FCAEABC9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3628CFBA-DCF1-41FF-A01D-C0CBEEA56107}
Key Found : HKLM\SOFTWARE\Classes\Interface\{377E99BA-EB87-43A7-A029-AA36C6125901}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E702BE4-8341-402A-AEE0-01093136E7AE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F149704-B93D-4E37-842F-AD2713A663A0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45B85E52-997A-44E4-BCA5-14F26C18DC5B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49E71C23-2E90-435D-B5EB-9ED6362CB627}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C157D89-1118-44D3-86AB-B18F57EFAF18}
Key Found : HKLM\SOFTWARE\Classes\Interface\{56148E1C-FA55-42FA-B6CA-3B993127400E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DF6F099-2091-497C-89F4-1571C041F608}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5EB589AD-AA1F-4B04-B5F0-04B83C83061E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6472B271-E22C-463D-B192-1AA246535861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6FC7DE58-73EF-4266-8EBF-4A883659C17C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6FFEDE56-5089-44A8-9BEE-2392B48A7650}
Key Found : HKLM\SOFTWARE\Classes\Interface\{83028E9D-5430-4FEB-B71B-D99A5B081B88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FBD3AA1-A74B-4770-B87E-8345F9BF8F56}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99E94398-B92D-4577-B0B7-D5EF099A7645}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9340D95-3104-4EF5-AFE0-154420542902}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A965300C-355C-46F7-AF69-C5A526B8AC9E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B3D30D2D-7200-4D59-8562-8124C640620B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BAB25028-8543-43D3-A256-3DDFC6B68926}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C267B372-FADF-4F63-8634-4D29D9E533CF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DD73117B-8024-4D9E-BA3A-8AC8B151D607}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DF3A1434-9497-4938-8EED-C77C5493097B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EC209286-E14D-407D-977E-3C7F7D5A0153}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0894C686-3D9F-470F-A808-28DDB348D559}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2A7E74C8-7CC3-4656-903B-C16B5419E393}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{309AA8F1-BEC1-46F2-97DF-8CE481248910}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{319C598D-FEBE-437E-9823-173B89169E63}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A05732E8-9B6A-4D61-956D-707AD06779CA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A48591FF-203F-4844-B6C7-4CD8B715A16B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B4F710E6-E773-481B-BB85-3540A21DB4D5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B4FC519F-3F98-450D-8A16-CC92916420F4}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B65D3FEC-897D-4CC2-8214-9E867D6623F8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F51E097C-E6B7-4321-81D4-0988CB531186}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FC2AE03D-EFEF-467D-9809-EEA341538C0B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1b3cf572-0d15-4e95-bd03-c59a653b30cd}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f864ba3f-9878-458a-ba2b-dad32bcbc472}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98EE749F-A86F-4C48-8007-4B47F5657936}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07e92310-4028-4869-abe8-3b94fd5e317f}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0b08513a-0187-4746-93dc-dedae21b8ab2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1b3cf572-0d15-4e95-bd03-c59a653b30cd}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23bcc7f2-0782-4d1f-af18-75dc5e7ea3f1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6EC936E8-224E-41AB-8A5D-E5D62EB3B6F3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98ee749f-a86f-4c48-8007-4b47f5657936}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9be25e48-df8d-475a-9939-a6716ee36d79}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0E6A5ADB-B294-4B4F-81D3-3F7DF3FA7A2E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1C4CB152-4A39-454E-8355-DA786E41FED3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1E037492-2389-47CB-9E6B-E09AE6A67682}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1FF07ED0-5C5F-4361-8156-AFF9FCAEABC9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3628CFBA-DCF1-41FF-A01D-C0CBEEA56107}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{377E99BA-EB87-43A7-A029-AA36C6125901}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3E702BE4-8341-402A-AEE0-01093136E7AE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F149704-B93D-4E37-842F-AD2713A663A0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45B85E52-997A-44E4-BCA5-14F26C18DC5B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{49E71C23-2E90-435D-B5EB-9ED6362CB627}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C157D89-1118-44D3-86AB-B18F57EFAF18}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{56148E1C-FA55-42FA-B6CA-3B993127400E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5DF6F099-2091-497C-89F4-1571C041F608}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5EB589AD-AA1F-4B04-B5F0-04B83C83061E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6472B271-E22C-463D-B192-1AA246535861}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6FC7DE58-73EF-4266-8EBF-4A883659C17C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6FFEDE56-5089-44A8-9BEE-2392B48A7650}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{83028E9D-5430-4FEB-B71B-D99A5B081B88}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FBD3AA1-A74B-4770-B87E-8345F9BF8F56}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{99E94398-B92D-4577-B0B7-D5EF099A7645}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A9340D95-3104-4EF5-AFE0-154420542902}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A965300C-355C-46F7-AF69-C5A526B8AC9E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B3D30D2D-7200-4D59-8562-8124C640620B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BAB25028-8543-43D3-A256-3DDFC6B68926}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C267B372-FADF-4F63-8634-4D29D9E533CF}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DD73117B-8024-4D9E-BA3A-8AC8B151D607}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DF3A1434-9497-4938-8EED-C77C5493097B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EC209286-E14D-407D-977E-3C7F7D5A0153}
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\SpeedBit
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\CieoNetUtilities_0e
Key Found : HKCU\Software\AppDataLow\Software\CieoNetUtilities_0eEI
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\SpeedBit
Key Found : HKLM\SOFTWARE\CieoNetUtilities_0e
Key Found : HKLM\SOFTWARE\CieoNetUtilities_0eEI
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : [x64] HKLM\SOFTWARE\SpeedBit
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKU\.DEFAULT\Software\AskToolbar
Key Found : HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\Ask.com
Key Found : HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\ilivid
Key Found : HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\Myfree Codec
Key Found : HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\SpeedBit
Key Found : HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\YahooPartnerToolbar
Key Found : HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\AppDataLow\Software\AskToolbar
Key Found : HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\AppDataLow\Software\CieoNetUtilities_0e
Key Found : HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\AppDataLow\Software\CieoNetUtilities_0eEI
Key Found : HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKU\S-1-5-18\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : [x64] HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3ED778CD-1535-4C54-9057-08339B99E0D7}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}
Key Found : HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3ED778CD-1535-4C54-9057-08339B99E0D7}
Key Found : HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}
Key Found : HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\Microsoft\Internet Explorer\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}

***** [ Web browsers ] *****

[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.mywebsearch.com
[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : slirsredirect.search.aol.com
[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : websearch.ask.com
[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ixquick.com
[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : gaiilaahiahdejapggenmdmafpmbipje
[C:\Users\Xbox Live Player\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\Xbox Live Player\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.mywebsearch.com
[C:\Users\Xbox Live Player\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : slirsredirect.search.aol.com
[C:\Users\Xbox Live Player\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : websearch.ask.com
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.mywebsearch.com
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : slirsredirect.search.aol.com
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : websearch.ask.com

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [25719 bytes] - [22/03/2016 15:03:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [25793 bytes] ##########

 

AdwCleaner[C1].txt

 

# AdwCleaner v5.105 - Logfile created 22/03/2016 at 15:34:43
# Updated 21/03/2016 by Xplode
# Database : 2016-03-21.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Marlene - MARLENE-PC
# Running from : C:\Users\Marlene\Desktop\adwcleaner_5.105.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Ask.com
[-] Folder Deleted : C:\Program Files (x86)\DAP
[-] Folder Deleted : C:\Program Files (x86)\myfree codec
[-] Folder Deleted : C:\Program Files (x86)\CieoNetUtilities_0e
[-] Folder Deleted : C:\Program Files (x86)\CieoNetUtilities_0eEI
[-] Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
[-] Folder Deleted : C:\Program Files\Common Files\Speedbit
[-] Folder Deleted : C:\ProgramData\Speedbit
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Folder Deleted : C:\Users\Kevin\AppData\LocalLow\AskToolbar
[-] Folder Deleted : C:\Users\Kevin\AppData\LocalLow\CieoNetUtilities_0e
[-] Folder Deleted : C:\Users\Kevin\AppData\Roaming\Coupons
[-] Folder Deleted : C:\Users\Marlene\AppData\LocalLow\AskToolbar
[-] Folder Deleted : C:\Users\Marlene\AppData\LocalLow\CieoNetUtilities_0e
[-] Folder Deleted : C:\Users\Marlene\AppData\LocalLow\CieoNetUtilities_0eEI
[-] Folder Deleted : C:\Users\Marlene\AppData\Roaming\One System Care
[-] Folder Deleted : C:\Users\Marlene\AppData\Roaming\Speedbit
[-] Folder Deleted : C:\Users\Xbox Live Player\AppData\LocalLow\AskToolbar
[-] Folder Deleted : C:\Users\Xbox Live Player\AppData\LocalLow\CieoNetUtilities_0e
[-] Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Files ] *****

[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_safesearch.raaz.io_0.localstorage
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_safesearch.raaz.io_0.localstorage-journal
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage-journal
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_driverupdate.net_0.localstorage
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_driverupdate.net_0.localstorage-journal
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_hdvshare.com_0.localstorage
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_hdvshare.com_0.localstorage-journal
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage-journal
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_servedse.dealply.com_0.localstorage
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_servedse.dealply.com_0.localstorage-journal
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bleepcrawler.com_0.localstorage
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bleepcrawler.com_0.localstorage-journal
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.sx_0.localstorage
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.sx_0.localstorage-journal
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
[-] File Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : Scheduled Update for Ask Toolbar
[-] Task Deleted : OptimizerPro1UpdaterTask{0DE6A2E9-6F2D-4ED8-8341-4740F25B9981}
[-] Task Deleted : OptimizerPro1UpdaterTask{0DE6A2E9-6F2D-4ED8-8341-4740F25B9981}

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CieoNetUtilities_0ebar Uninstall
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.DynamicBarButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.DynamicBarButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.FeedManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.FeedManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.HTMLMenu
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.HTMLMenu.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.HTMLPanel
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.HTMLPanel.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.MultipleButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.MultipleButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.PseudoTransparentPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.PseudoTransparentPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.Radio
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.Radio.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.RadioSettings
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.RadioSettings.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.ScriptButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.ScriptButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.SettingsPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.SettingsPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.ThirdPartyInstaller
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.ThirdPartyInstaller.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.ToolbarPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.ToolbarPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.UrlAlertButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.UrlAlertButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.XMLSessionPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0e.XMLSessionPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0eInstaller.Start
[-] Key Deleted : HKLM\SOFTWARE\Classes\CieoNetUtilities_0eInstaller.Start.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{f864ba3f-9878-458a-ba2b-dad32bcbc472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98EE749F-A86F-4C48-8007-4B47F5657936}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07e92310-4028-4869-abe8-3b94fd5e317f}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0b08513a-0187-4746-93dc-dedae21b8ab2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10ca037d-2e29-436b-a2c3-538c81d74aa7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1b3cf572-0d15-4e95-bd03-c59a653b30cd}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{227c2234-107f-41d3-8be5-7f9180e7dd6c}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23bcc7f2-0782-4d1f-af18-75dc5e7ea3f1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4d9e6a3f-f05d-4f96-a826-87c38aec5599}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EC936E8-224E-41AB-8A5D-E5D62EB3B6F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{719a0e21-6b15-468e-b4d8-d453c3ee5aab}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9be25e48-df8d-475a-9939-a6716ee36d79}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a5796feb-f4ab-43d2-8143-5dcff93dc172}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b44f5f55-d0df-4722-be85-08d5d9539a8d}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b685a84a-acbe-43b0-b4bc-464068ffd11a}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c0ccafac-ea0a-4e33-8a94-51a25453a40e}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c5818d18-4d28-4e42-bde6-1460f5d29628}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{d0aceac7-b205-4a51-804b-53ba679ab30b}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{d373ce79-0fa5-493c-808b-176fa5eef7c8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{dbb281f1-59b4-44de-91c4-00286c52b9ab}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{e2d12817-fbc7-41ee-8835-20e4de3ca5d9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{f51c5954-93cc-468c-bf62-d7ad2df5e6f9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0E6A5ADB-B294-4B4F-81D3-3F7DF3FA7A2E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C4CB152-4A39-454E-8355-DA786E41FED3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1E037492-2389-47CB-9E6B-E09AE6A67682}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1FF07ED0-5C5F-4361-8156-AFF9FCAEABC9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3628CFBA-DCF1-41FF-A01D-C0CBEEA56107}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{377E99BA-EB87-43A7-A029-AA36C6125901}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E702BE4-8341-402A-AEE0-01093136E7AE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F149704-B93D-4E37-842F-AD2713A663A0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45B85E52-997A-44E4-BCA5-14F26C18DC5B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49E71C23-2E90-435D-B5EB-9ED6362CB627}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C157D89-1118-44D3-86AB-B18F57EFAF18}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56148E1C-FA55-42FA-B6CA-3B993127400E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DF6F099-2091-497C-89F4-1571C041F608}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5EB589AD-AA1F-4B04-B5F0-04B83C83061E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6472B271-E22C-463D-B192-1AA246535861}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6FC7DE58-73EF-4266-8EBF-4A883659C17C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6FFEDE56-5089-44A8-9BEE-2392B48A7650}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{83028E9D-5430-4FEB-B71B-D99A5B081B88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FBD3AA1-A74B-4770-B87E-8345F9BF8F56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99E94398-B92D-4577-B0B7-D5EF099A7645}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9340D95-3104-4EF5-AFE0-154420542902}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A965300C-355C-46F7-AF69-C5A526B8AC9E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3D30D2D-7200-4D59-8562-8124C640620B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BAB25028-8543-43D3-A256-3DDFC6B68926}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C267B372-FADF-4F63-8634-4D29D9E533CF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD73117B-8024-4D9E-BA3A-8AC8B151D607}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF3A1434-9497-4938-8EED-C77C5493097B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EC209286-E14D-407D-977E-3C7F7D5A0153}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0894C686-3D9F-470F-A808-28DDB348D559}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2A7E74C8-7CC3-4656-903B-C16B5419E393}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{309AA8F1-BEC1-46F2-97DF-8CE481248910}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{319C598D-FEBE-437E-9823-173B89169E63}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A05732E8-9B6A-4D61-956D-707AD06779CA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A48591FF-203F-4844-B6C7-4CD8B715A16B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4F710E6-E773-481B-BB85-3540A21DB4D5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4FC519F-3F98-450D-8A16-CC92916420F4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B65D3FEC-897D-4CC2-8214-9E867D6623F8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F51E097C-E6B7-4321-81D4-0988CB531186}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FC2AE03D-EFEF-467D-9809-EEA341538C0B}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1b3cf572-0d15-4e95-bd03-c59a653b30cd}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f864ba3f-9878-458a-ba2b-dad32bcbc472}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98EE749F-A86F-4C48-8007-4B47F5657936}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07e92310-4028-4869-abe8-3b94fd5e317f}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0b08513a-0187-4746-93dc-dedae21b8ab2}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1b3cf572-0d15-4e95-bd03-c59a653b30cd}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23bcc7f2-0782-4d1f-af18-75dc5e7ea3f1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6EC936E8-224E-41AB-8A5D-E5D62EB3B6F3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9be25e48-df8d-475a-9939-a6716ee36d79}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0E6A5ADB-B294-4B4F-81D3-3F7DF3FA7A2E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1C4CB152-4A39-454E-8355-DA786E41FED3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1E037492-2389-47CB-9E6B-E09AE6A67682}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1FF07ED0-5C5F-4361-8156-AFF9FCAEABC9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3628CFBA-DCF1-41FF-A01D-C0CBEEA56107}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{377E99BA-EB87-43A7-A029-AA36C6125901}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E702BE4-8341-402A-AEE0-01093136E7AE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F149704-B93D-4E37-842F-AD2713A663A0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45B85E52-997A-44E4-BCA5-14F26C18DC5B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49E71C23-2E90-435D-B5EB-9ED6362CB627}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C157D89-1118-44D3-86AB-B18F57EFAF18}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{56148E1C-FA55-42FA-B6CA-3B993127400E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DF6F099-2091-497C-89F4-1571C041F608}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5EB589AD-AA1F-4B04-B5F0-04B83C83061E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6472B271-E22C-463D-B192-1AA246535861}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6FC7DE58-73EF-4266-8EBF-4A883659C17C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6FFEDE56-5089-44A8-9BEE-2392B48A7650}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{83028E9D-5430-4FEB-B71B-D99A5B081B88}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FBD3AA1-A74B-4770-B87E-8345F9BF8F56}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{99E94398-B92D-4577-B0B7-D5EF099A7645}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9340D95-3104-4EF5-AFE0-154420542902}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A965300C-355C-46F7-AF69-C5A526B8AC9E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3D30D2D-7200-4D59-8562-8124C640620B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BAB25028-8543-43D3-A256-3DDFC6B68926}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C267B372-FADF-4F63-8634-4D29D9E533CF}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD73117B-8024-4D9E-BA3A-8AC8B151D607}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DF3A1434-9497-4938-8EED-C77C5493097B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EC209286-E14D-407D-977E-3C7F7D5A0153}
[-] Key Deleted : HKCU\Software\Ask.com
[-] Key Deleted : HKCU\Software\ilivid
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKCU\Software\SpeedBit
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\CieoNetUtilities_0e
[-] Key Deleted : HKCU\Software\AppDataLow\Software\CieoNetUtilities_0eEI
[-] Key Deleted : HKLM\SOFTWARE\AskToolbar
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\SpeedBit
[-] Key Deleted : HKLM\SOFTWARE\CieoNetUtilities_0e
[-] Key Deleted : HKLM\SOFTWARE\CieoNetUtilities_0eEI
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\SpeedBit
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
[-] Key Deleted : HKU\.DEFAULT\Software\AskToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3ED778CD-1535-4C54-9057-08339B99E0D7}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}

***** [ Web browsers ] *****

[-] [C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.mywebsearch.com
[-] [C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : slirsredirect.search.aol.com
[-] [C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
[-] [C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ixquick.com
[-] [C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : gaiilaahiahdejapggenmdmafpmbipje
[-] [C:\Users\Xbox Live Player\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Xbox Live Player\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.mywebsearch.com
[-] [C:\Users\Xbox Live Player\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : slirsredirect.search.aol.com
[-] [C:\Users\Xbox Live Player\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.mywebsearch.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : slirsredirect.search.aol.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [25575 bytes] - [22/03/2016 15:34:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [26093 bytes] - [22/03/2016 15:03:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [25723 bytes] ##########



#6 satchfan

satchfan

  • Malware Response Team
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 22 March 2016 - 11:12 AM

I realise that regarding the router which is probably why both PCs have the same symptoms.

 

We'll rest the router and flush the DNS when I send further instructions.

 

Meanwhile, the first tool has done a good job.

 

Now for the other logs?


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#7 myRiad_spartans

myRiad_spartans
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Midlands, United Kingdom
  • Local time:10:23 AM

Posted 23 March 2016 - 09:14 AM

Windows 7 Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64
Ran by Marlene (Administrator) on 23/03/2016 at 13:52:26.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 687

Successfully deleted: C:\Users\Marlene\AppData\Local\{00106DB1-B47D-4B48-9925-0BD00CEA6F8F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{00347F3E-8392-4B98-9CC0-D0BD9FD62306} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{00EDA4E0-63B7-4CF2-A94B-604B216FBECB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0112CC04-0F14-49B9-AF01-86E984236EDB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{012425AD-4E65-47A2-AD84-8AEE39EE7810} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{01CA4FF6-FDE2-4B8E-BAD6-F1437748A0ED} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{021EB55E-8253-4FEC-A011-5766A7764737} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{028BAEEC-D685-4871-8970-18EB7B06CF61} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{02A265AC-7907-4D69-98CE-8580FE87065A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{02D76E1C-14E5-450C-807B-28D2B94B508F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{03E4A593-D583-4A17-87C2-A62709FCEC52} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{03F51BAA-DBFB-449F-B034-D442E0935D95} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{040435C0-2607-493A-A327-943940695CF9} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{04470F05-F5F4-4CA8-B685-4DE35864A80A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{047B3224-6FD7-4DA1-A6B1-EB82A847A8BA} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{04B9F76C-E0D4-41EB-BB89-5D2E7140D9EE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{04C05DD0-1DAD-4E91-92A3-669BF20714A8} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{050650F2-F97D-4DBE-BE7B-C268D3DBFFBB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{05A4E6AE-8F96-4F7E-9D4C-BF101AD6883B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{06AAD8B2-B6C4-439A-A8DE-BB9EB2CF77D5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{06CAB20B-1DC4-4F68-A7CB-1053BF0165C3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{070F3C4F-6A2E-4484-B6E7-E286BC21D252} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{07100E57-6601-4D8E-8813-FBEC2C9949BF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{071D3F85-F3F4-466D-AA68-4D49796E9ACB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{079E463D-8547-4E8A-937F-69C8B62A9246} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{07BD57B7-5FBA-4C8B-BCB6-548C8E0DCD37} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{07FF1000-1E32-49E9-88FF-9263629E2D97} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0808AC4C-034E-418F-9613-B87458D34EE7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{08D04443-BFA2-4524-B908-7374CF2935D7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{08DED99A-3F13-414E-AF27-2E5EC146A936} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{095EDE51-C529-4C53-840A-BA45DE9B4145} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0982B379-5E80-44BD-AF28-B69A899E66E7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{09E961D6-EBA5-47B3-9A72-E941395F52C0} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0A4D3DC3-7062-4564-B0AA-10C2CE1BDE56} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0B3B222A-B640-48C7-8684-A3CE99A9B99D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0B41AEB9-1A4E-43E9-8754-DAE1C7D37694} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0B817DCB-F6B2-43B0-B304-471FC42803DC} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0BC14FB1-75C4-400B-9809-C38F7D674CCC} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0C4FA4A8-14E3-4BA5-89A4-E53F92D99B8D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0C56E56C-2EBA-4965-9F80-8FB431615CD7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0DA89FD2-546F-47AF-81DB-E83A131E867A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0E5596B2-8049-464C-90F6-D164B20EB108} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0E5D1740-8786-4AE9-AEAD-C5B43F1654F0} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0E809533-D9C6-46E8-8585-6152FEBB79E6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0F000CC1-97CA-4BB7-A96F-E35EED92A542} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0F3CC868-AC1C-4FA0-89A7-1DFBDD475B83} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0FAEAFAF-338F-43E2-B715-3924A52F1AFD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{0FEABF81-E64C-407A-80F5-1E53E8D862F1} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1017F3DB-194C-4029-A49D-DBFA012D7982} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{103EAF83-571E-4E02-9EF3-5227358A5D04} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{10BD5DF7-AE32-4550-B1FE-4DD3137B07FD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{10E7BD1A-E8D9-4671-A386-A3677837BCA8} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1222A7E2-38FC-49F8-95AF-9D08F9DFAB5A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{12AD8AF1-AF1D-471A-82DA-65E4FCA21289} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{12B09877-58F0-4CB8-9570-E6640B7C5A62} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{12C106C7-B6CA-4FE7-8FC6-82286A5D6574} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{12D26B31-11CE-43C4-8411-EB02156BFAFF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{12F81E1B-13D2-4A7B-9082-7FF9FF68967E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{131774AE-D18F-401A-BB68-4E9FE5D50926} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{13399227-09D8-4161-AB30-F71E56E2563D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{13E3FCD7-647F-4011-BCA6-FE1B85BC25A5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{14A0A9FE-2283-4631-BF9E-28EF0C310FA1} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{14BFAE9C-0C06-40FC-8049-89992E79381F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{152561ED-D817-48D7-B619-8372D040C1EB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{15310799-DED4-4472-AEDD-E802B50651DA} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{153D7DCF-E948-4084-A29A-31D5707E9ABD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{16756CAC-7E06-429F-82EB-27040CBF6B4E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{16CA5D78-7576-4EBD-B1B6-DACE01902878} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{173A1937-0F35-4B2D-B001-3F1CA12C86C0} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{175093AF-7A94-424C-AEB5-8B507BEBB552} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1835FB8A-7192-4062-A83A-6F502C868A00} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1894E6D7-9F6A-4ED3-B3DD-E5BC9C484326} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{18A7631D-230F-4CC3-AA12-626413E3A199} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1900CD0B-D0A1-4922-AE24-D1461A4324DE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{195D070D-D8EC-4643-899E-CFFC060C095F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{19D83A84-8617-4425-9C29-926EBFEF6E43} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{19F472D5-EA66-431B-BA4C-E73452CC162A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1A3B32D5-AC71-4258-A623-C9B034B3708C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1B2234ED-DB52-4283-AD29-F71FE4BE2E2A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1B6BC3DD-6716-4904-9CBF-95311A8402FF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1BB70F6D-7357-4EAE-A27F-E8748C61E473} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1BB9EE3D-1DBF-4FC3-928D-904587482DC6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1C272ECE-E365-4441-ADCC-D6CAD54A5B38} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1D3D76C0-7341-4884-8A7D-8069DFEAF0AA} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1DA6BFBA-F930-4676-8B89-CCB9DD47E0B0} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1E528FD0-DAA5-4C9E-97DA-ED531C068F3B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1E67D1DB-CF8E-4004-BF75-585565D9105D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1E8FD6F5-459D-4659-AEF1-3561AA937E16} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1EA108AD-F2AB-4EE8-A1C7-F78C0D223877} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1EF18748-300A-40B3-BB7F-CBCCBB819DAF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1F098445-F096-41DD-8156-7D324013A72B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{1FA1FACC-49FF-4154-BB9E-402D4E0F042A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{20FB457E-8521-4074-8818-984856086D07} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{21BDD80B-31BD-4CCF-BE8B-41DFCC1A888D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{21C26613-67BE-48D6-852B-4653AE9FAA88} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{21D7FD0D-AC7D-4DCF-84EB-5E63D65FC9C8} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{221DBD43-8DD0-43C5-8E77-3E0546FA375D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2252FDAF-47BF-4FA2-B1EE-8015D9D2C23D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2324B606-3260-4C09-934D-98DBA12FD744} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{241951E5-7FE7-4E75-9309-1898074925E4} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{24B1FC22-8753-4E3C-A56E-F17096217062} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{24E3E63C-8203-4AAB-8C94-C806998A8184} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{24E71A24-20F7-4F78-904D-19B22E07D792} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{25B14C9E-9128-48F2-95EC-E490F9556E22} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{268B5ECE-3CB8-47C8-A948-E2DB673FBE57} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{26E10FB5-142B-4DE1-9AEA-2F37E4F052B3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2816B5E5-0A84-43F3-8A50-6E531E1510AE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{291FDF6B-6F6F-44F3-BBA1-C8278D60F876} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{293717FA-BC3E-4C5F-9649-2A1D32ECC7C2} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{294AFAE0-E7F4-4F2C-9E0A-3B63B45CCB39} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2A25F633-91C7-4F99-AE73-5B5C43C5A70F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2A35A383-2358-46D4-B891-BA2F1BA22659} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2A6C752A-CE0E-4306-9264-C754A1DD7C81} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2AC1AE09-FE67-4315-BEF9-B0CCAC9C8D33} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2AEA30DB-8064-40FB-9FB9-C78DBE1733F0} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2AF0B470-F884-44B7-99FB-D5FA5048D08C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2B441FCB-77E8-43D8-BA0E-FFE1D067ACE1} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2B5E8BD8-AB66-4D57-80EF-15568291B28E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2B6252AE-B98C-40ED-A76F-DBF0BF73974D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2C396B7D-9D6E-4A68-958A-49826A2D4774} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2C472386-522B-4FB3-892A-760775CC248A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2C7F2C7D-368D-42DE-B87E-C0101A9B097B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2CBAE930-7A75-45EB-A864-4D949E603AD8} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2CCC121F-6A54-45EB-AD7D-DE98E7EAE01A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2CE590CE-CAEC-4003-9C49-D3A668F4B577} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2D6B7144-2A37-4348-9F8D-069F75CE17FB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2D72FB89-619F-4940-8423-438CFE50BAF1} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2D89389C-F573-4632-9933-D7B85AC876FF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2DAC932A-69CA-4E26-8818-36A4FEA6D23C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2DD21E20-4457-48E7-8CF8-DDAB05BA0983} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2DDB2C4B-3FE5-4A70-8C59-174E6DA14E4E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2E8184F9-01C4-4EB4-BA01-3E3FD1FE3DEE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2E94272B-341C-4C82-9D04-21D645343572} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{2FEB8474-AD16-4F4C-A608-E31935549868} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3074E609-F467-43EE-93B5-7D8845711FE3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{30D332D9-8D39-4D3E-B6D7-B5E84BECFA3E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{31176628-7BC6-496A-9534-9E3807F3069C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3129272C-EDCB-4B1B-866F-E91BADFBB14D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{31F8884B-63BE-4EFD-B45A-5608B852A4EE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{339B7B19-E7DB-4D84-91DD-9279EA416234} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{33ACE9B5-FD31-40C9-882C-857669F7649F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{33B35087-526D-44B8-8657-587B765EDAB9} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{341F9276-B20A-49FF-9324-401AFEAC0A9D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{34514A46-201B-44CA-88EA-C916189C3EAE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{34CF17D0-4CC0-486E-BFC9-DD62B6ED1AC5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{35D09F9E-F8F0-40A8-A8CA-7C1EA2BBF6D6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{360DB9E2-48D6-4107-8A36-688E0AD26D6E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{361DC174-EEF8-40FE-8525-E198601DEBD8} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{36336746-C1C8-4CF5-A5A5-29F322AF8283} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{36800B54-DA85-4F98-BA4C-5A71C4286024} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{36E2E712-8ACC-485A-A998-974E14653242} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{36F61C39-C94A-4FF1-97DD-39A661C40A9F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{37E0C6CA-8C9C-43E0-BD8F-83F60ABD5E49} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3921239B-5DA2-477F-A47F-8B1F2C012358} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3990B109-BF39-47FA-AE59-3DE5E4D78CE8} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{39A62C06-152E-47FA-B457-64A1D6165857} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3AE027D8-EE2E-4C45-8ED7-7FB3FDE730C5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3AF5483B-C6F5-44E8-AF40-4D0CE35E240A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3B4D9CD0-5DBB-46DA-94DD-4F4C73034B95} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3C29DB56-2FE1-4D4E-8922-B8D253A06388} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3C7BE02F-F2E9-4FE9-A916-5588A520BF13} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3CBFD2DA-6679-465A-84A9-67CC4AE73383} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3DA64079-391E-4203-8E72-ED202EFA0757} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3DCC29D7-4512-4E0F-829D-99246AF6B355} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3E26BB37-130D-47EA-8DA3-0589E03B3A02} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3E777AB2-F982-41A4-8F12-0F8EC1BB86C1} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3EA96F8F-C6C1-456A-BF8A-3D012DB7AA31} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3F3D965D-93FE-4359-ABE0-3432772DCAAD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{3FA58DF9-A50D-492A-A547-512A51892410} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{40386FF6-4236-49D6-8C95-D4634F2CEBBD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{40D92B6E-3DAD-4E4D-843B-870889A92F3C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{40FAC11B-EF66-4E66-8750-6F0B60ECAF57} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{410F5020-C8FF-4A3E-A5B2-59487C3CC643} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{41B2014A-547D-40F9-923D-7BFCBEDE09AB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{42C9E764-8A04-4DFF-8C45-77BD2F6D7099} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{42ED473A-41E2-4A85-A5EA-A8D31A66C21A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{43F4A432-AEDF-43A9-BFDB-6D8A74D27629} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{440C4B5E-6B07-4536-B731-A53106C3A52E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{442F48B8-D5D2-4FC4-8B5C-0C23F30CC0AE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{4446C02B-0D6C-4864-BB52-D951BD4E76AF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{44B6FE20-3030-4C21-A302-686EA4C61132} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{44CA5287-81D9-4CAE-8FDB-39F0D3D9F603} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{46837424-743A-43D2-A218-20763FD1A134} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{46E9746C-425F-4144-AA2F-AC8CC9FDD669} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{47025369-C3D7-4923-98E6-4ADD754C16AC} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{4733D6E7-74B5-406D-ACD2-4F2FFFC25C28} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{47AD5BCC-03CE-48D1-89AF-BE6FCBD2C74D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{47FDC957-162A-41FB-AC6F-A05635C55A97} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{488AA41D-D7F0-42F7-97F0-EA014B28FCBF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{48AED08A-BB6A-4664-BB77-B26CDC0C0603} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{499D6EA5-59B5-4E8E-AAA1-DE51872BC1B4} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{49A7DB20-3B0E-4222-B436-A5F6414F5884} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{49BEE991-1128-47B7-9F49-D653A9A802D6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{4A4E0A02-663C-466D-946C-58B8A45EF225} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{4AF33197-1BD2-49CE-9D7A-9ABF594AE19A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{4B7E62E0-EDE4-4C68-BD41-720F255E058F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{4BD9683D-6C96-47BD-9AFE-D098417EF371} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{4D5CA7DF-6FF9-40EA-9686-9C08413174D1} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{4EAC40F8-5CE3-4FF4-98CF-66D167B1B8BE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{4F785E95-77E5-4CAC-9EAF-4D64E985D327} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{4F8404FF-5074-42B7-A6A1-B744752317FE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{503993D8-6CA5-474A-B61E-48D631759DD1} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{507FBC87-20CB-41C3-BAB1-50434A8C2969} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{509F9AB7-FE18-4DAD-A26D-A9A8786BCA9B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5146F9B9-D7FE-43B7-8123-6F59E744C448} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{51657C87-DDF4-4AD6-9428-B99F4A3DE98D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{52F34C65-2F40-4FCE-8709-A805D12CCDE7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{53EA9785-7B34-4FB8-A180-08DE0A72B11F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{53FC76A8-13A1-427B-B5E2-B74FA1A18E81} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{547D5E4C-8F00-457C-87BA-B1706321CE0E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{54CA57FB-C115-4909-84F8-61F39FFB879F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{550F1737-8AF2-45B7-A5B0-E2DC4CD4BEBF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5540461E-E90D-425F-91D3-359ADB722E7D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{556B68B8-3E80-43A0-85CF-2ED3C9CC8DC2} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{55BAE6E4-0AA1-4375-809C-5FF0BF060272} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{565049E2-2B80-4EFD-9D4C-BD96A858D8F9} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5660E0A6-48A9-4E04-9306-5A66F2B807A8} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{57938ECB-F4A3-49B1-B209-9694A8FF30A5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{57DC0289-8C3F-4D82-86E0-141A86B4830F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{58305039-B597-4C7C-8C43-81291E2A1BB2} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5848CA82-C0A6-4221-8DC6-A6DF84A9A3F7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{58B03661-2455-4530-B19E-152840FA0FE5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5924BECD-944A-4291-8588-C2B5C7B672B5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{592BA331-C206-4D8B-87E2-C8E310FEEFC9} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{59601C9B-BECC-4E0D-8461-161D8BF70CF4} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5A94BF7A-EC82-4229-A630-5F4F5BDF5C87} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5A9F0055-0D61-4C8F-8EE9-09CBC761641C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5AA03E97-5096-4525-A69D-9E0A49D1A78B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5B1F14CD-534C-4E0C-9FDE-8E706ABADDEE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5D1ECA90-E23B-4053-BA2D-7722343F51AC} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5D28C670-84AB-4367-955B-7E88A8236D9C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5D4A4182-9A70-4640-9B1E-751954BB3E23} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5D89A7D4-C205-4E09-BCF6-2BF9A7B41813} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5DEDD3C5-4B04-4DD9-B6F6-E920E9C20C1E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5DF9E342-7EAD-4B4C-A563-16E3E1597055} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5E292109-CD45-41E3-B00B-D99646366092} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{5F0C1737-2BC4-4BDA-A608-B7551542308B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{605F2432-57C7-4F33-B3C5-3DDAACBD6D23} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{618DEA55-6F70-43AB-9739-75EA4F2990F1} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{61D17CB4-978B-435A-8CF8-E10FA4DF2534} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{627DCCE3-B8DD-4394-B949-F7B81F0C5EFB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6325A254-5CE4-4C2C-9266-90494036752E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{63CBBFA0-74D1-4CA4-890E-ABF049B1FCAB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{645C20F9-FDAF-4CD5-AAAA-E12EA8FEE630} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{66000F8F-7310-415B-B6AE-FD15BDF3849C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{66BFC14E-4499-48E3-8335-A7D01AF21A46} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{67EBCBCF-B7E5-4AFA-9EC4-ECB528421849} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6850B7AD-BD85-47DC-A4B4-2A159106B897} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{687A5224-90C8-4EBE-B9B3-5871FD9BCB52} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{687B8C8C-A5DE-406F-A196-2F1C31ABD92D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{688A80A2-42F1-4B81-8715-DE3198EEBAA6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{689240AE-F54B-4EF6-A055-8F8A3636C465} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{68F5D070-2F3A-4B8C-AC23-906AC5A3398B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{696C8009-C432-42D1-8048-55311C84CF77} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6A2EE739-5823-4404-AD86-32D9E16A46AD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6A35A323-287F-4B14-91FB-B66C7947E956} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6A4187C6-52E4-4ABA-A633-4151BC4BB65C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6A4A79FF-D3A4-4713-A43C-10D3C7162D22} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6AC99B3D-0172-4677-84BE-243FFEAEEFC3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6B4B0111-D3F8-4484-9130-6FA1BA51A5A3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6B8EB91E-F724-4BA4-BC05-105CFA44C6DD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6BED1A38-9085-4D6B-9236-550DEE7B6486} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6BF59566-8E27-4540-9DEC-2D9D52F4F972} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6C05B0E6-B787-423F-ABD0-E6B214F84C51} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6C827E77-2032-4EA9-9B68-34E316DE814D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6CEBC5C4-2221-43E0-8BAB-3F5E154C4705} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6D066A26-1CD0-460F-9B25-D58317FC3E32} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6D2642E6-2330-4920-806D-A01F95D1834F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6E032BB0-798F-4165-9235-A883C597CA29} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6E0897AB-AD39-4440-955A-84181B420DC6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6E3F7114-F7ED-4936-A985-11E7D43AC9F0} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6ECE61BF-6BD7-4AE9-80FC-2A7DA74D8A61} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6F032436-12FC-4C3F-B185-E6B6C08E0CCB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6F2DC4FB-3F24-478E-B569-36DF8A45BB87} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6F5A056B-A48E-4720-989D-2EB428EE5573} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6FAA8BF6-122E-491D-9035-B818D9257D67} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{6FF549CD-AD80-461E-970D-552E064E72A3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7042DC50-ED60-45A2-8783-B8D811A05B46} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{705A3876-302B-4001-98CE-066767BE414A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{709829C0-2573-4BAE-A2A1-5E518F570E98} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{712B851D-F3E8-4D91-ADB6-84F067A1A0A3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{720DE636-A5B7-47AE-A801-E9166F170496} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7253AB27-877E-4959-B639-F9E46029E75C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{730DA413-E106-4947-A247-D46C5205BE24} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{73A53FCD-225D-4E9A-9854-EC8EED6F541B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{73D9C0E2-A34D-46AC-B1EB-639B721646DC} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{74B6DBB3-0C1B-4AFD-AEA7-C92F2D2806DC} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{74EAB256-0617-4DAB-8E43-E8B56128BC13} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7559A556-BAE2-49E4-9E88-65AE2F98D369} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{756CF7E2-51F8-43A9-AB2D-845FBFEF54F4} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{760159FC-4909-48BA-8632-5CAE65B27468} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7776C045-5ECB-492D-9039-4271523C904F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{779E6812-B509-4DC1-AC84-20AD460AC291} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7802D99E-0463-4C05-AB24-DB9E338847EC} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{78175660-61ED-4981-B1F1-72AF1028D0BE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{78D4FDB9-8FB7-448B-B390-90C6D6080EC1} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7999CE18-83DA-412F-A687-D7CFB6EF1D83} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7AEDA31E-E794-41C9-AD6D-EB734E7A00A5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7BAFDD30-0FB5-491D-816C-349A982EBC88} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7BF85085-C29B-45C6-B190-23C56B8B826A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7C86E66D-ECA1-4728-9347-6CAE1F785849} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7CCEF66E-A429-4D5D-84F6-E3704AF36E35} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7CF47EC1-47F9-410D-A827-DAD99C620239} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7D73BE6B-374C-4A37-8C48-CCFF5A465AA6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{7DFD514B-938C-4AFF-A352-3D44D3251FCD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8005476A-DE14-4638-B2B1-9E78302A498D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8029396A-9C45-4AA1-8FF3-3434258A4E18} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{804440CD-86D9-4B23-882E-1EFE5977AFBC} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{805EC530-ED98-41FA-A93F-2E5D1CA06509} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8096B976-8675-424F-9C3B-39714E288EC7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{80EA6582-8885-4B46-9190-1D6396A493A6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{81366442-8F53-423A-A115-2524E59E928B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8164C800-F8EE-4768-B732-D8BF6F6C9983} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{81712907-01CA-4217-9F1F-B21BC9D124D5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8278B92C-C5F6-4457-9D5D-9BCE027F1BB2} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{82CA3D9A-4939-4416-B731-CF8D8488DDD7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{833432B6-641D-48E4-A6A9-E247200FB743} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{835B5C22-1EDE-4954-AD7F-383603C35FE6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{838AE46F-3D39-4FFA-BD56-D545184DAD36} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{84B1345B-6657-459F-959D-3AADB6641106} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{84E6241F-7CE1-4ECA-935C-28708C7084D0} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{85D2D03C-8824-4E1C-970B-10202B38D2A0} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{863623E0-8303-4B17-8355-62F0384060C7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{86A117A4-9913-432B-AE3D-61CC05228835} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{87260A5C-782C-454A-8117-86997B276D2B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{873885BA-A361-4FA1-AEAB-53A88D816899} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{874692E1-76E4-4C67-B095-961AE99560B6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{876CFA75-08A0-43A0-B530-6CE19DAE9BFA} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{87802C83-3E65-4E05-BE1B-E93B54710D4A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8990B11A-01B6-4C2C-8884-0A99C0DE8FC4} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{89F9D0FD-E904-4EE5-9A39-DBCCE084A9A3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8AA495C5-80AE-4C3E-BDA5-FACF6370075E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8AD33962-59D9-43B2-8BD0-D6602DBDDC24} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8BECA055-6379-4669-989F-4B15667E7991} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8C043A29-AEAA-4ECD-91BE-C5449F0AC194} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8C731EC5-00BF-4822-89F1-A46DC3FB054A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8CBDF212-442F-4F76-BBEA-390243E07216} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8CCA01EA-5BF1-46DC-956D-F3D97C5CDB15} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8D3CA825-8DC9-4821-B25B-4F7388FF2ACE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8DC92A60-3797-4471-9D13-B7501F973058} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8DF95DC6-BE3E-4142-A4CB-32E78C11FF42} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8E48FB26-002C-4408-9537-9E4A724447B9} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8E6DF64A-2764-497E-9332-991DA4ED5F2E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8EE03226-D6C0-4BCF-B8A3-D03F9F9CED7B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{8FA9E23D-78E4-40C8-B798-9CC64AC47CAD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9018C1D9-97BC-4326-99A0-9EA31DD5F21E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{902EC1CC-4B98-41CE-A4ED-030358F2546F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{91D81659-A7B5-4AE1-A3E6-108A0D3DE023} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{92D75407-7876-48BE-8349-0042C51B682C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{92F68096-F47E-4731-8CC4-94EB6B98752C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{935EC4ED-30A0-464D-B20F-EFA8F01A53DC} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{939BAD0F-9A6B-4EE5-B2EB-04FA7DC34C38} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{93A75B72-A68E-40F1-941A-5E07A8ACEE2D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{94316312-ADE5-45EB-BF56-5A1F7EDF9037} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9449C38E-2C05-4D2A-9594-876D736C6C93} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{947713C1-3011-4876-B0FF-517B213CF288} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{94BF3516-700C-4F57-9938-BF0398420A3C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{94DBBE95-B261-46E3-BA73-6FF4A7B15D88} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{95CB8AA0-2B35-43D6-9142-EF36382295D4} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{95E41B25-6271-48D9-AFBF-B8A2DBCA6AE0} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{96D45324-F2D5-43BB-9E59-916DD5729021} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9712618F-7A01-440B-B932-5336B16AB09E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{97720215-23CA-45AE-A5FC-9E2757F654E9} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{980B4E11-C751-48EA-8CD3-86D3D00A7AA5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{98727175-E41E-429F-A30F-FB315099BC00} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{98C5E759-2BE9-4ADD-BCAC-2527B8FE753C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9A6865F9-CA26-42B9-A91E-14B6A1BBF13F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9B25875B-1CE1-4CF7-9C22-FE1A9F896812} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9B9D9350-6A34-4032-AFE3-F47A8DF80F3E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9BD68642-9E74-4379-8430-234C06AB8189} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9C57B8EA-1D85-4AA3-BDDB-102DBD204F86} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9C697EE5-292E-424B-B4BB-9D86ADEC8BF3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9C8BA38A-E84A-4746-AE7B-72F5162DEBC7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9D690BDB-E8BC-4BF5-8570-744B822F5652} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9D6DA39C-E83D-4860-92F7-BBEBF3F41751} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9DEFE148-74E3-446D-8E43-1451D7F3BF03} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9E12C6F3-CE68-4941-9D8B-2DC73F120E54} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9E6609DB-C486-42CF-B1FA-D251AF81C4F5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9EE0BA2F-2656-4095-8CB9-FFBAFE972F38} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9EE5A2B8-8EAE-40DB-A623-1A266ADABB1C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{9F5FA8DD-DD89-4D79-A104-2F5E99D0C800} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A123D67A-0A2B-465C-AF7B-4F9633DC551D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A1EE567A-3A73-4A04-9BA5-52E0673900EA} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A1F61D2C-5DC1-4A62-8EBA-94C8D9898702} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A24942D3-358A-48FE-BF4F-834A0A15C3B8} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A2620EC3-5843-4FEE-851F-114A32AED39B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A26B22C7-CF4A-41B7-B9A0-92BF3BF15771} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A2C5933A-72EE-4E7E-A139-FCDFE75B96B5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A30D9183-30C9-47D3-A5C2-4CED9EA65582} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A334AFF5-B250-4A8B-A60A-9D6A165BA58A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A3FAC161-E15E-4C4F-BF77-A0357F3656C7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A4927A4B-7F7C-4BEE-A316-FCF1D9110E08} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A57B199A-4EE0-486A-9088-824536B1A4B9} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A605538E-38E7-411A-8BFB-89C2DE7FCEC6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A669C519-F80F-4E99-86DB-5979ACEC7C97} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A68C98FF-E1D5-4610-9575-A676095671DD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A6C231DE-460C-456F-9DB2-706192DAF77E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A7384082-CB61-49AD-B069-4962788A8E12} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A7B97E8A-27D3-4B35-AC8E-8B50E2D63708} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A7DF833F-0B7E-440D-A8D6-0CE49255E041} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A7E4521E-6D8E-4B22-B378-A31E6BE4A521} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A82335B7-F49F-4C6C-A4D7-EEF2EFA56F2C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A88C86A6-89A6-416A-8A48-FB943B3F2CA4} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A89F3DEC-2C99-4BF6-A506-017CFF84F102} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A8D95653-AEA7-4F9B-9926-4A09C496F24B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{A99C3B3B-C694-4D0A-A0F7-1F8FA7E13EBA} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AA13AF69-3754-4812-8B1E-E89AB0AB2643} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AAAE062A-0BD6-4360-9A62-648A35F579CD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AAB0AC27-118F-4294-8EAF-3DA34E48B05C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AAB8C46F-931A-4CDA-8B5E-E531553C8B86} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AAB95A91-66BA-4B6E-9400-EF1206064567} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AB20EB37-D3A7-41D9-B1E8-1D3AB6C8B9F4} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AB2CCD66-9FDC-4F43-B059-1D5444E25E50} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AC361716-DDCC-40AB-9BFA-EA40CCE136CE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AC44331C-CB41-4354-8810-EBD8181DE45E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AC4FCF91-30CE-4958-8049-CD86E8F33D8C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AC5551E1-F33A-40AA-B139-D04C70E38307} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{ACAC4960-B7D4-4989-AF05-CF50566B2823} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AD441816-88E9-48A7-8B86-EE266CB2D0E7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AD54B7A4-561D-4C42-91A5-A0C91A5DC66E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AE861268-096E-40B6-B7F7-BE9B9A2CFA3A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AECDA8DF-4879-4BB9-96FA-9BBFEE77CEE8} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AF42EF2E-B1C2-46B2-A279-5F9065107BAE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AF9CDEFC-F003-440D-876E-6CD99A86CFCF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{AFC79CA6-4DA2-4C54-93ED-C962DDB646F5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B082C2AD-4B7E-40C8-8927-61A9379D245E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B0D1E7A0-EC9B-448B-B785-2083171535C2} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B108942A-C537-4278-B94D-17CB52ECCDEE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B19A8F15-658C-4E1A-B621-EFBAFF8AA9D3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B1CAF1B3-DD42-40F5-8629-13821F516540} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B2F17A92-0C2A-47DD-A74B-9F89D8D6159D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B3309A80-D8E2-40F9-BA2A-722502D3DF90} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B3626600-5B21-407D-AA00-1942074A4B11} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B39CC38A-549A-4E43-9D1C-50F0E2499A6F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B3FE9ED5-A8B3-4657-BC31-FDA456D0175B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B4EFF298-D6B5-4FBE-874F-30A9DD47BF4D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B510459A-19DB-4E7D-856F-4F0DB2A1B8B1} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B5548379-3F90-4CFA-89F8-DB7DE152CF90} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B5779D08-BA53-4093-9686-C87B1C15CF00} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B5BF450E-00B2-43DC-B6F5-AFC49B618796} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B5C555DC-E6A5-423B-B407-E0B88E31ACF7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B5D67E53-28D2-4879-A530-EBB68435DE5C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B5DCF6D2-546B-4D70-9810-228D124E940D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B5E4C5B0-B686-4D6F-AD86-060AA875B1A7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B6166F50-95F5-4AC2-ACF9-49B51524CD78} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B627287E-F35F-4DD1-B49F-A149E11363E7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B62C8CC0-5993-4260-9B1F-5215844ED82A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B690E89C-3A05-4EBF-8DA2-8DE133133128} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B6F63A41-6C76-47F6-AA63-6C921FC67190} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B72AD58D-5C8D-4FC7-A6C5-B51421A088E9} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B72C6949-AF89-4F86-B867-A081C58B4403} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B78F5692-02DA-4813-832E-FCF22B52B556} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B7E6D5F6-F66F-4B0B-845F-87EB4DBB5CFD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B7F7E545-0D56-4B1A-AF78-394B17B32304} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B809EBC8-E40A-4233-9673-AA3C66D95F28} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B9146483-E669-4C42-A693-37DE136CC911} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B951234A-8B1F-4E14-8444-B4E21D65FB50} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{B97B1B9D-1C0A-4243-A3B6-F625B34DA880} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{BDBD5680-A6E6-4363-A5C0-42BB58F643C9} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{BE3FAAEB-B560-4F0D-82BF-1F127C87B707} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{BE40953B-4F76-4123-8524-5D3BD718CA50} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{BF2DCAAA-F0C5-459E-85ED-B076D63D96BA} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{BFA7E704-E816-4D90-8E36-CB13A26D8DE3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C055ECF7-05D8-4F9C-868E-1A4C04137A4D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C162266D-7818-4706-B05A-61D751F2165D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C1945979-01FD-4CDA-9EB7-CDE3042828A7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C1C230C4-6259-4195-BE92-EBA7878AA238} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C21A8D61-D880-4825-AE10-317247E8D316} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C27B5265-B529-4872-BFDB-E23EF03AADD6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C2CEE6F8-496D-4429-B228-2757C3EC6B4A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C3411951-172E-41C6-B57E-D50C5E9E2721} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C3916390-6A33-487F-AFF2-0D221D6485BC} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C46D5CEC-22FD-40D2-95FF-D0D93C4CAAE2} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C48958B5-E8D3-4557-AB00-4C30ED89C79E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C59AF573-5431-4A1A-8AF4-F2C4DE495D1C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C600B42E-6892-42C2-A390-CAD6A5753F57} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C60371DE-963B-4A70-A274-73B164C090FE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C6502ECF-588C-422B-9D57-124D29C571E0} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C66B56D8-C2A4-44EB-93EF-F6EC3EA3CB14} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C6EEA884-1D3C-441C-9542-F3634B00F109} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C7CDE765-FBF7-4156-A96C-6F32EBF3AB96} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{C94E8A88-1254-4DA8-90C0-F34E379FF145} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{CA1A666B-8295-4A9C-8F89-C8641C602A49} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{CA7B5ACF-2E0B-43D7-BC48-0272B8378140} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{CB08AE87-9B37-4D72-BF6E-33AEC54FB4D4} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{CC05A2A4-65B5-4703-BB75-AAB0B1699825} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{CC398C70-50BF-42FC-BC16-D16640E583A4} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{CC913FD6-CCFB-431F-A7AA-435C40D1CAC5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{CCE77E90-1399-49DA-8A45-540C248D450C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{CD79C275-B8FD-4698-9B7E-EF3EA171E3FB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{CD90BB5A-AABB-4593-ADC2-4CA2A73B8126} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{CE8BE938-181B-497F-9F32-342F13FC42AB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{CEE09924-F5DF-4321-AB59-14C0C8AE88B4} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D055B0CD-01EC-4C65-81B6-898CC80C4319} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D15AB755-3CBD-4376-95F1-AC636F3C1D9F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D23B8541-0A39-45A9-BDDF-0BC3675DA487} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D24F4F10-58CB-4107-AEBB-24242692A44E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D25BC736-8402-46E1-9238-7A51FD41EAE2} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D28EA934-4F03-4A36-86F2-5FE7702E9300} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D2FCE89B-FFC3-4486-91F8-F7E65872D406} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D3689904-3629-455F-8DC8-55CF25015DF0} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D3D3EB86-AAD0-4E03-8EC9-71BA95836A80} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D3D5B89E-EA0C-4950-AA9A-FD1A01830EB3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D3D7EDD5-C198-4D63-8B99-FE341E49DC84} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D4376F6E-8F0F-4094-9F9F-371A8B813E01} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D44A60EC-0527-44B3-9CC8-863D3E59A0F5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D5231E2C-7415-4986-9CD1-79F0CEC42CA2} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D5834C19-9968-423F-ADCA-0764E420FE09} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D58EC76A-D705-48E2-BCE7-32736015D3CC} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D5FCA02A-E470-457B-BE1C-623CFC9E21F6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D68A1731-D954-4885-8C94-D13A309DF041} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D6DBFE9A-59CE-4D87-BC7D-A75F7BE8BCAB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D703CAB7-F7C1-44B9-B4BE-B561901AE434} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D73A290E-5A78-4776-AD62-BC7053A2FACB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D76F5C7D-C38C-4283-9B26-203FB3526BFB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D7AE97B9-F59E-4489-A49F-1E907ECCA85A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D81CDF16-CBA0-4612-9A4D-42A87D851AA2} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D81FCE2B-3B0B-4D0B-9D02-6A83D1ECD006} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D82BED87-A667-492C-B1B4-8C5590AE543F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D8A5EFC2-E470-4F92-88F7-D99329528A47} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D9432856-51B2-44EC-8AE3-1D900B2E7535} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{D94A3751-DBAE-4FFF-9375-D3D0BFB05A95} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{DA9D2E9E-DE74-487A-8ED1-18E867D1D6BA} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{DAB16E99-5D22-4F88-98CA-F380E985FC1E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{DBC2FFF2-3439-4439-AB25-E0A7AE4C8345} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{DBFAED11-5E89-49BA-A46A-2114BF6DA92E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{DC217F54-7BF3-46CA-959F-4C45E6C4F349} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{DCB8B858-8045-4DD0-A2AA-6E518E08F251} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{DCFBC189-C3F5-40CE-AF1B-67E6533B63FD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{DD922976-EE82-4D30-80B3-0FEE3AC17B2C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{DF692B7D-AA28-4BDC-AE23-C586D026171B} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{DFD75305-43DF-4965-BD2B-4DDEB53DD8BF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E02C0F59-1785-4F5A-954E-6A2E747516FF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E0858CDF-4EBB-4A6F-9D2D-45F33AC3BFDA} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E0874464-48E7-4177-B1C0-18E6386B4040} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E08AD604-C653-4682-B8A7-994DABC971C7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E0ED0D11-4C2E-44B6-8037-667E08A98AAF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E1511E29-607C-4548-A354-7B44456A418A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E1A89F20-59AA-4E7D-B32A-A64F1059C380} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E267BBF3-6B37-4C75-9155-CA33E5B93F04} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E35E900E-4731-4735-8E15-E5050B266BF6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E422467B-ED25-418C-9620-CF45708F01D2} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E463487B-23B3-4D27-B919-93BE7A683EC5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E48B23AE-DDB3-4010-B7E2-3EA7624FBA26} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E48E017D-19E3-43BA-80F7-1BCDE84D4069} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E4B85FC7-B04B-4F83-966D-152690180FDE} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E4D6609E-0F83-48CE-A0CB-F3491C45C954} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E51E9B85-ED92-4B44-97D6-E6CBB68605BB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E5F95FAC-69C5-466E-B089-BCF0FA0DC10E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E68C8199-F4F4-45B6-8EE4-32DE50299FB6} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E7742D6E-E594-4EB2-AB65-8F4A66E8FE93} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E7842225-137A-40E7-A4BE-AC6B8909FCE5} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E8038F60-BB29-4B33-B730-E737198F9C44} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E80DA487-CE85-498A-96B1-4B62A3861523} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E884B313-EA0C-4356-85E7-4ED9EE10ED1D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E916C651-89D5-4AFC-BCF9-6DE7AE7E46F1} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E956E107-3714-43A9-AE21-1E300DAB5924} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E98B7375-79D7-441C-85D6-7A8DA36FB723} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E9DA5BFE-7C0B-4B9D-ACE7-BFB4ADC6D0AB} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{E9FC791E-182D-49A6-83BE-5C99532A68DF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{EA9B46B4-D2DA-44F0-9D0B-BA9310E7BE55} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{EAA31C54-B0A7-4A1A-A81F-77BA25F17E58} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{EB394A7A-EBBD-43CB-A59E-76AA11994623} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{EB8ACECF-E8BA-45E2-B023-CFF88F6ABAF9} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{EB8D8E79-3127-402D-882C-5154E9A5B340} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{EBDAED30-3F62-4E6F-A636-5626C7E6FF78} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{EBDD92B9-2541-4BB5-93B0-71AA15D64913} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{EC6D9310-A953-4767-80A2-6E59691F4BC9} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{ECBD5D5A-14CA-481A-A4E0-8D1C21332C5F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{ECC6286B-F6C2-4E40-84C8-6EF8183DC40A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{ED26C004-C871-4FC0-BE5B-57758AF59182} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{EDB80C6F-7E78-47D5-B071-73E4AF6913AD} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{EEF23EB0-3931-4A27-9073-EA4EC9908060} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{EFFAF764-1A84-4371-93EA-0F82F926045C} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F083C34E-33AB-4F9F-9205-88A0254C8EB3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F0949D69-FF4D-4A42-9C8C-C580E3B61235} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F0F79E8E-F4F5-4B02-A56F-1F5C3BBDBF1A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F16AF607-5312-4F02-92EF-0E3F24B4CEDF} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F1999BDD-EFE9-459F-AF12-7C9784E14D64} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F268DB9F-7028-491C-808D-5F27F04E2967} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F433B45E-1252-4A84-841E-B15CA95D3265} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F4F1EE90-B70E-4377-8B9A-652112B1B098} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F4F427B2-0CC5-4156-8305-8468E5ACE4C3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F5179F59-8D2A-4A03-A6FC-641F3D861034} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F51E123A-EA9B-4704-966C-D1E1D71BCF27} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F57C8829-36E7-4627-B71E-1C779FA9F6B7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F5CD27DA-0828-42A3-9B98-2D41EC39CB76} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F6F4A537-AF0F-4FC4-AB9C-69CF5DBF7483} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F72F2AC6-6B22-49C6-8AFF-C27245EBCB82} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F8E5964E-0429-4359-BECD-721F0491F703} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F9478EE0-AC0E-4287-B0E6-04B79A4E398F} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F97D292F-DC86-45DB-9A4E-4F98848743A7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F986404B-0234-477B-9A5C-1F9A2586064A} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F9A5A38E-52C4-4CEE-AEB0-DE4872C0F025} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{F9FDF862-81B7-4C2C-AFED-30B4D8903175} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FA7EA029-A24B-44CD-9468-EBBBB6C003E0} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FAEEAF4D-8DD1-4AAF-896F-0A16188B8574} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FB885C5A-AFA8-4BE4-BB55-B1E240B4601E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FB92844E-2679-4D7A-BADC-3B56D4DBA17D} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FBA0E453-5F7C-44D8-9116-31ADED1BB3E7} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FBDAFE28-421D-410B-A824-720E34EE4F40} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FBF94AAF-48E1-4D65-BE3F-59EFA2B13309} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FC39CC1F-94B6-4E1A-A549-A90AE6142238} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FCE314FF-E5A3-448E-9BA1-35011F677DF9} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FE902E1C-891E-4128-9227-CDFF039CDA6E} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FEA39408-AC99-4E6F-85DA-5BB7B434E439} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FF330F2B-D2F3-47C6-BEE6-B80E4AADF8C3} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FF45B0BD-AA2E-4A05-8246-E67893717162} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\{FFAE1669-4170-4466-B8F3-2AF1F456FBB2} (Empty Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0EEIUER3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NUEAF5O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RPKU44S (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WGEB91S (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T0RTTNQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4TY5Y9UV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\61WC0OX9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73PJ431P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73T0ZLGF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HVF4CIA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YESB524 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AA7W6YVF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BP1CNX6O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVJDBKVY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLZKZL2E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNKJ3O6V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPWP4OGW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXP6KHPM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3841CI9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3NZ7P72 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FF8937B3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZ0I6DUI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2DAES01 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4T1UPT4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4VI1FH6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G7BNM8VQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IERPF7J8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPBKOVQL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG0YMNIS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ225GE8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PA9OII2Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QFDBZCJS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1DBLMZT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS6KJI2W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAD9K7QI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0EEIUER3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NUEAF5O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RPKU44S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WGEB91S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T0RTTNQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4TY5Y9UV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\61WC0OX9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73PJ431P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73T0ZLGF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HVF4CIA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YESB524 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AA7W6YVF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BP1CNX6O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVJDBKVY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLZKZL2E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNKJ3O6V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPWP4OGW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXP6KHPM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3841CI9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3NZ7P72 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FF8937B3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZ0I6DUI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2DAES01 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4T1UPT4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4VI1FH6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G7BNM8VQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IERPF7J8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPBKOVQL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG0YMNIS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ225GE8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PA9OII2Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QFDBZCJS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1DBLMZT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS6KJI2W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAD9K7QI (Temporary Internet Files Folder)



Registry: 13

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8175E372-1FF1-4288-8E6E-ADDEBD415D47} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BA0F500-9CAB-4921-A971-96BB46F4CE99} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AC3F49B1-2912-4F76-81AB-624EA7E8F491} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AC3F49B1-2912-4F76-81AB-624EA7E8F491} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4cbfd6a0-f21b-4d52-bf56-c57a37625141} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ca6701f-b8e8-43b9-b206-b2a9ee3216cf} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b81eac74-1eda-4e15-994e-76c38c1dee91} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4cbfd6a0-f21b-4d52-bf56-c57a37625141} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ca6701f-b8e8-43b9-b206-b2a9ee3216cf} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b81eac74-1eda-4e15-994e-76c38c1dee91} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/03/2016 at 13:59:04.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by myRiad_spartans, 23 March 2016 - 09:16 AM.


#8 myRiad_spartans

myRiad_spartans
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Midlands, United Kingdom
  • Local time:10:23 AM

Posted 23 March 2016 - 09:28 AM

Windows 7 FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Marlene (administrator) on MARLENE-PC (23-03-2016 14:17:56)
Running from C:\Users\Marlene\Desktop
Loaded Profiles: Marlene (Available Profiles: Marlene & Kevin & Xbox Live Player & Mcx1-MARLENE-PC & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SDKs\Kinect\v1.0 Beta2\Service\KinectManagementService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-12-18] (IDT, Inc.)
HKLM\...\Run: [EPSON Stylus DX4800 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIADE.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-13] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [612872 2014-01-03] (EasyBits Software AS)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-09-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [1858152 2012-03-30] (Microsoft Corp.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-19] (AVAST Software)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe [2089056 2015-04-14] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [Facebook Update] => C:\Users\Marlene\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-07-27] (Samsung)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Marlene\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\MountPoints2: {59270df1-9623-11e3-bdc8-00269e8ee64a} - F:\iStudio.exe
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
ShellExecuteHooks: - {E54729E8-643D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook64.dll [773192 2014-06-01] ()
ShellExecuteHooks-x32: - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook32.dll [484936 2014-06-01] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-04] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2013-03-10]
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Marlene\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 217.12.218.15 8.8.8.8
Tcpip\..\Interfaces\{0985480C-B9DE-442A-B6E8-415D3C5ED732}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}: [DhcpNameServer] 217.12.218.15 8.8.8.8
Tcpip\..\Interfaces\{4F281B08-AA12-4757-A18B-18345AAFA36F}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.yahoo.com/
URLSearchHook: HKU\S-1-5-21-3688857076-792490274-234704465-1001 - (No Name) - {f864ba3f-9878-458a-ba2b-dad32bcbc472} - No File
URLSearchHook: HKU\S-1-5-21-3688857076-792490274-234704465-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3688857076-792490274-234704465-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {AC3F49B1-2912-4F76-81AB-624EA7E8F491} URL = hxxp://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
SearchScopes: HKLM -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\.DEFAULT -> DefaultScope {3F243AB0-5236-4FF5-8D2D-E67022440788} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\.DEFAULT -> {3F243AB0-5236-4FF5-8D2D-E67022440788} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> DefaultScope {98DA51C4-65D6-44F5-9ECE-F5B117EECDF2} URL = hxxps://www.google.co.uk/#q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {05664F42-5FBE-44D7-ADFA-F792611BFA68} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C014GB499D20151204&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {95981329-F311-48AD-B02D-7540FB6F3276} URL = hxxp://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {98DA51C4-65D6-44F5-9ECE-F5B117EECDF2} URL = hxxps://www.google.co.uk/#q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-04] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-16] (Oracle Corporation)
BHO-x32: No Name -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-04] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-16] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Toolbar: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll [2015-01-17] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3688857076-792490274-234704465-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Marlene\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-3688857076-792490274-234704465-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Marlene\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3688857076-792490274-234704465-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marlene\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3688857076-792490274-234704465-1001: vates.com/ppo -> C:\Users\Marlene\AppData\Roaming\Mcafee Social Protection Beta\npppo.dll [2013-06-28] (McAfee)
FF Plugin ProgramFiles/Appdata: C:\Users\Marlene\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-05-11] (Octoshape ApS)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-04]

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxp://uk.yahoo.com/"
CHR Profile: C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Cast) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-19]
CHR Extension: (Avast SafePrice) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-23]
CHR Extension: (Avast Online Security) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-26]
CHR Extension: (Skype) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-04] (AVAST Software)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [151656 2012-03-30] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-25] (Dropbox, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-10] (WildTangent)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 KinectManagement; C:\Program Files\Microsoft SDKs\Kinect\v1.0 Beta2\Service\KinectManagementService.exe [131584 2011-09-24] (Microsoft Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-03-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-03-09] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-14] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 KinectCamera; C:\Windows\System32\Drivers\kinectcamera.sys [42880 2011-09-24] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-23 13:59 - 2016-03-23 13:59 - 00081119 _____ C:\Users\Marlene\Desktop\JRT.txt
2016-03-22 16:06 - 2016-03-22 16:06 - 01610352 _____ (Malwarebytes) C:\Users\Marlene\Desktop\JRT.exe
2016-03-22 15:04 - 2016-03-22 15:04 - 00003058 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458659006
2016-03-22 15:03 - 2016-03-22 15:34 - 00000000 ____D C:\AdwCleaner
2016-03-22 15:03 - 2016-03-22 15:03 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-22 15:03 - 2016-03-22 15:03 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-22 15:03 - 2016-03-22 14:54 - 01530368 _____ C:\Users\Marlene\Desktop\adwcleaner_5.105.exe
2016-03-22 15:02 - 2016-03-22 15:01 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-22 00:26 - 2016-03-22 00:29 - 00000000 ____D C:\Users\Kevin\Desktop\New folder (4)
2016-03-21 11:38 - 2016-03-21 11:41 - 00065195 _____ C:\Users\Marlene\Desktop\Addition.txt
2016-03-21 11:34 - 2016-03-23 14:20 - 00034381 _____ C:\Users\Marlene\Desktop\FRST.txt
2016-03-21 11:34 - 2016-03-23 14:17 - 00000000 ____D C:\FRST
2016-03-21 11:33 - 2016-03-21 11:34 - 02374144 _____ (Farbar) C:\Users\Marlene\Desktop\FRST64.exe
2016-03-21 10:43 - 2016-03-21 10:53 - 00002124 _____ C:\Users\Marlene\Desktop\Rkill.txt
2016-03-21 10:43 - 2016-03-21 10:43 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Marlene\Desktop\rkill.exe
2016-03-20 19:51 - 2016-03-20 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-20 17:20 - 2016-03-20 19:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-20 17:18 - 2016-03-20 19:56 - 00000000 ____D C:\Users\Marlene\Desktop\mbar
2016-03-20 17:16 - 2016-03-20 17:17 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Marlene\Desktop\mbar-1.09.3.1001.exe
2016-03-20 15:05 - 2016-03-20 15:06 - 00039084 _____ C:\Users\Marlene\Desktop\MTB.txt
2016-03-20 15:04 - 2016-03-20 15:04 - 00891392 _____ (Farbar) C:\Users\Marlene\Desktop\MiniToolBox.exe
2016-03-20 14:49 - 2016-03-20 14:49 - 00002517 _____ C:\Users\Marlene\Desktop\FSS.txt
2016-03-20 14:47 - 2016-03-20 14:48 - 00899584 _____ (Farbar) C:\Users\Marlene\Desktop\FSS.exe
2016-03-20 13:54 - 2016-03-20 13:55 - 00852798 _____ C:\Users\Marlene\Desktop\SecurityCheck.exe
2016-03-17 23:00 - 2016-03-17 23:03 - 36413909 _____ C:\Users\Kevin\v57_eng_d8hd.pdf
2016-03-17 22:57 - 2016-03-17 23:00 - 41843476 _____ C:\Users\Kevin\Downloads\v57_eng_asj9.zip
2016-03-15 22:33 - 2016-03-15 22:34 - 00000000 ____D C:\Users\Kevin\Desktop\New folder (3)
2016-03-15 17:08 - 2016-03-15 17:08 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\WordPress.com
2016-03-14 22:30 - 2016-03-14 22:39 - 17895341 _____ C:\Users\Kevin\Downloads\maksamaksa_am_207_44.rar
2016-03-14 20:27 - 2016-03-14 20:31 - 05861852 _____ C:\Users\Kevin\Downloads\DilBobJo2.zip
2016-03-14 14:08 - 2016-03-14 14:09 - 03073668 _____ C:\Users\Kevin\Downloads\Kirsty.zip
2016-03-14 12:30 - 2016-03-14 12:30 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\OpenOffice
2016-03-13 00:35 - 2016-03-13 00:38 - 08865365 _____ C:\Users\Kevin\Downloads\MelMad1.zip
2016-03-12 00:05 - 2016-03-12 00:08 - 07577309 _____ C:\Users\Kevin\Downloads\mtr4-982.zip
2016-03-11 19:17 - 2016-03-11 19:18 - 09567482 ____T C:\Users\Kevin\Documents\Order_233976-Priority_Entry_Weekend_Birmingham_CC_March_2016-2.prn
2016-03-11 19:14 - 2016-03-11 19:15 - 09571859 ____T C:\Users\Kevin\Documents\Order_233976-Priority_Entry_Weekend_Birmingham_CC_March_2016-1.prn
2016-03-10 22:05 - 2016-03-10 22:11 - 08153027 _____ C:\Users\Kevin\Downloads\mtr4-1025.zip
2016-03-10 19:41 - 2016-03-10 19:46 - 57382897 _____ C:\Users\Kevin\Downloads\SB Episode 62.zip
2016-03-10 19:07 - 2016-03-10 19:09 - 03633345 _____ C:\Users\Kevin\Downloads\mtr5-523.zip
2016-03-10 19:05 - 2016-03-11 01:47 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\WordPress.com
2016-03-10 19:03 - 2016-03-10 19:03 - 00001031 _____ C:\Users\Public\Desktop\WordPress.com.lnk
2016-03-10 19:03 - 2016-03-10 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPress.com
2016-03-10 19:01 - 2016-03-10 19:03 - 00000000 ____D C:\Program Files (x86)\WordPress.com
2016-03-10 18:55 - 2016-03-10 18:59 - 48906240 _____ C:\Users\Kevin\Downloads\wordpress-com-1-3-0-setup.exe
2016-03-10 17:32 - 2016-03-10 17:58 - 181649778 _____ C:\Users\Kevin\Downloads\MILF Carina.rar
2016-03-10 02:46 - 2015-10-04 21:15 - 275675198 ____N C:\Users\Kevin\Downloads\53.862-Chiakis_70_sticky_bukkake_from_hell_again.mp4
2016-03-10 00:56 - 2016-03-10 02:42 - 274668108 _____ C:\Users\Kevin\Downloads\53.862-Chiakis_70_sticky_bukkake_from_hell_again.rar
2016-03-09 18:11 - 2016-03-09 18:13 - 04498807 _____ C:\Users\Kevin\Downloads\GFTURE-378.zip
2016-03-09 00:38 - 2016-03-09 00:48 - 11545205 _____ C:\Users\Kevin\Downloads\GDTURE-960.zip
2016-03-08 20:48 - 2016-03-08 20:48 - 00519752 _____ C:\Users\Kevin\Downloads\MCM Expo Store - Order fulfilment #233976.zip
2016-03-08 16:59 - 2016-03-08 17:07 - 12174112 _____ C:\Users\Kevin\Downloads\GDTURE-1070.zip
2016-03-08 13:56 - 2016-03-08 14:02 - 12580104 _____ C:\Users\Kevin\Downloads\Jay1.zip
2016-03-07 22:42 - 2016-03-07 22:50 - 08992564 _____ C:\Users\Kevin\Downloads\Pearl1.zip
2016-03-07 16:31 - 2016-03-07 16:39 - 13615676 _____ C:\Users\Kevin\Downloads\GDTURE-990.zip
2016-03-07 13:46 - 2016-03-07 13:50 - 10320240 _____ C:\Users\Kevin\Downloads\young indian wife shama.wmv
2016-03-06 00:05 - 2016-03-06 00:09 - 10679247 _____ C:\Users\Kevin\Downloads\GDTURE-1035.zip
2016-03-05 22:57 - 2016-03-05 23:03 - 41924540 _____ C:\Users\Kevin\Downloads\KateDor2.zip
2016-03-04 17:17 - 2016-03-04 17:16 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-04 17:15 - 2016-03-04 17:15 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-03 15:05 - 2016-03-03 15:11 - 11214483 _____ C:\Users\Kevin\Downloads\Francesca2.zip
2016-03-03 13:58 - 2016-03-03 13:58 - 00000045 _____ C:\Users\Kevin\Documents\always remember, #gamergate is here forever!.txt
2016-03-03 13:24 - 2016-03-03 13:29 - 45410540 _____ C:\Users\Kevin\Downloads\Tamil call center bleeped by boss.mp4
2016-03-03 13:01 - 2016-03-03 13:03 - 10358977 _____ C:\Users\Kevin\Downloads\Alex2.zip
2016-03-03 12:54 - 2016-03-03 13:00 - 63080063 _____ C:\Users\Kevin\Downloads\Desi girl bleeped by foreigner.mp4
2016-03-02 23:58 - 2016-03-01 15:44 - 00000000 ____D C:\Users\Kevin\Downloads\maksamaksa_am_206_63
2016-03-02 23:48 - 2016-03-02 23:57 - 67353854 _____ C:\Users\Kevin\Downloads\maksamaksa_am_206_63.rar
2016-03-02 14:25 - 2016-03-02 15:22 - 569802129 _____ C:\Users\Kevin\Downloads\IndianHoreHouse.mp4
2016-03-01 16:48 - 2016-03-01 16:53 - 49679108 _____ C:\Users\Kevin\Downloads\02-27-2016 [9159].zip
2016-03-01 16:46 - 2016-03-01 16:50 - 37144362 _____ C:\Users\Kevin\Downloads\02-28-2016 [9162].zip
2016-03-01 13:43 - 2016-03-01 13:46 - 17143653 _____ C:\Users\Kevin\Downloads\Hillary6.zip
2016-02-29 21:18 - 2016-02-29 21:22 - 30248362 _____ C:\Users\Kevin\Downloads\original (1).mp4
2016-02-29 21:10 - 2016-02-29 21:15 - 33307406 _____ C:\Users\Kevin\Downloads\original.mp4
2016-02-29 20:48 - 2016-02-29 20:53 - 00000000 ____D C:\Users\Kevin\Desktop\Put in a dvd
2016-02-28 00:29 - 2016-02-28 00:33 - 14548652 _____ C:\Users\Kevin\Downloads\GDTURE-866.zip
2016-02-26 01:31 - 2016-02-26 01:31 - 06650416 _____ C:\Users\Kevin\Savita Bhabhi Episode 62.pdf
2016-02-26 01:19 - 2016-02-26 01:20 - 06417867 _____ C:\Users\Kevin\Savita Bhabhi Episode 61.pdf
2016-02-26 01:15 - 2016-02-26 01:15 - 06223778 _____ C:\Users\Kevin\Downloads\GETURE-920.zip
2016-02-25 11:55 - 2016-02-25 11:55 - 00000000 ____D C:\Users\Kevin\AppData\Local\{E6AB5F26-B5D2-4642-9A96-E167F8C8F4D4}
2016-02-25 00:59 - 2016-02-25 00:59 - 05168235 _____ C:\Users\Kevin\Downloads\02-24-2016 [9149].zip
2016-02-24 14:47 - 2016-02-24 14:53 - 35373291 _____ C:\Users\Kevin\Downloads\GDTURE-803.zip
2016-02-23 22:03 - 2016-02-23 22:05 - 11092351 _____ C:\Users\Kevin\Downloads\GDTURE-948.zip
2016-02-23 19:40 - 2016-02-23 19:43 - 12264506 _____ C:\Users\Kevin\Downloads\GDTURE-995.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-23 14:14 - 2010-01-12 19:23 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\Skype
2016-03-23 14:13 - 2015-10-25 18:08 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-23 14:12 - 2016-01-23 00:32 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004UA.job
2016-03-23 14:06 - 2015-07-16 13:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-23 13:46 - 2011-07-07 21:54 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1001UA.job
2016-03-23 13:33 - 2010-01-12 17:58 - 00000270 _____ C:\ProgramData\HPWALog.txt
2016-03-23 13:23 - 2012-04-06 23:01 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004UA.job
2016-03-23 13:23 - 2012-03-30 01:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-23 13:23 - 2009-07-14 04:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-23 13:23 - 2009-07-14 04:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-23 13:14 - 2015-10-25 18:19 - 00000000 ___RD C:\Users\Marlene\Dropbox
2016-03-23 13:14 - 2015-10-25 18:07 - 00000000 ____D C:\Users\Marlene\AppData\Local\Dropbox
2016-03-23 13:13 - 2015-02-19 16:08 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-23 13:12 - 2009-09-25 08:46 - 00000292 _____ C:\ProgramData\hpqp.ini
2016-03-23 13:08 - 2015-10-25 18:08 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-23 13:08 - 2011-01-28 23:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-23 13:07 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-22 23:12 - 2016-01-23 00:32 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004Core.job
2016-03-22 22:18 - 2015-10-10 17:08 - 00000000 ___RD C:\Users\Kevin\OneDrive
2016-03-22 22:16 - 2010-04-23 18:09 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype
2016-03-22 16:46 - 2011-07-07 21:54 - 00000912 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1001Core.job
2016-03-22 16:23 - 2012-04-06 23:01 - 00000904 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004Core.job
2016-03-22 15:03 - 2009-07-14 05:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-22 15:03 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-03-22 15:01 - 2015-02-19 16:01 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-22 15:01 - 2015-02-19 15:59 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-21 00:45 - 2010-01-13 16:35 - 00000021 _____ C:\ProgramData\hpqp.txt
2016-03-21 00:03 - 2014-09-04 22:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-20 19:52 - 2015-10-25 18:07 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-20 17:20 - 2014-09-04 22:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-20 17:18 - 2014-09-04 22:19 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-20 15:38 - 2014-09-04 22:19 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-20 15:38 - 2014-09-04 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-19 19:43 - 2010-01-12 19:23 - 00000000 ____D C:\ProgramData\Skype
2016-03-19 12:43 - 2012-07-14 14:59 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMarlene
2016-03-19 12:43 - 2012-07-14 14:59 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForMarlene.job
2016-03-17 23:03 - 2010-01-16 20:26 - 00000000 ____D C:\Users\Kevin
2016-03-15 00:19 - 2012-12-25 18:49 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 00:15 - 2012-01-30 12:17 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Firefighter 2
2016-03-11 20:20 - 2012-10-06 15:58 - 00000000 ____D C:\Users\Kevin\Kirtu
2016-03-10 23:52 - 2014-02-21 00:17 - 00002158 _____ C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-10 19:24 - 2012-03-30 01:41 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-10 19:24 - 2012-03-30 01:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-10 19:24 - 2011-06-05 23:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-10 18:45 - 2015-10-31 01:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-10 18:06 - 2013-07-25 22:58 - 00000000 ____D C:\Windows\system32\MRT
2016-03-10 17:02 - 2010-01-12 18:13 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 17:53 - 2015-02-19 16:08 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-09 17:53 - 2015-02-19 16:08 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-09 00:51 - 2015-10-20 14:26 - 00000000 ____D C:\Users\Kevin\New folder
2016-03-04 17:21 - 2015-02-19 16:08 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-03-04 17:20 - 2015-02-19 16:08 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-03-04 17:16 - 2015-02-19 16:08 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-04 17:16 - 2015-02-19 16:08 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-04 17:16 - 2015-02-19 16:08 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-04 17:16 - 2015-02-19 16:08 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-29 21:10 - 2015-12-07 15:29 - 00000000 ____D C:\Users\Kevin\Downloads\Nandini
2016-02-29 20:44 - 2010-01-19 17:01 - 00000000 ____D C:\Users\Xbox Live Player\AppData\Roaming\Skype
2016-02-28 22:47 - 2016-01-09 20:17 - 00000000 ____D C:\Users\Kevin\Downloads\Vika C
2016-02-23 12:47 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2011-03-06 21:18 - 2011-06-19 20:30 - 0001854 _____ () C:\Users\Marlene\AppData\Roaming\GhostObjGAFix.xml
2010-03-14 13:45 - 2015-07-26 16:31 - 0019486 _____ () C:\Users\Marlene\AppData\Roaming\wklnhst.dat
2010-01-12 17:58 - 2010-01-12 17:58 - 0000000 _____ () C:\Users\Marlene\AppData\Local\AtStart.txt
2010-12-06 21:51 - 2015-06-29 16:42 - 0041472 _____ () C:\Users\Marlene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-01-12 17:58 - 2010-01-12 17:58 - 0000000 _____ () C:\Users\Marlene\AppData\Local\DSwitch.txt
2010-01-12 17:58 - 2010-01-12 17:58 - 0000000 _____ () C:\Users\Marlene\AppData\Local\QSwitch.txt
2010-11-01 16:20 - 2010-11-01 16:20 - 0000017 _____ () C:\Users\Marlene\AppData\Local\resmon.resmoncfg
2009-09-25 08:46 - 2016-03-23 13:12 - 0000292 _____ () C:\ProgramData\hpqp.ini
2010-01-13 16:35 - 2016-03-21 00:45 - 0000021 _____ () C:\ProgramData\hpqp.txt
2010-01-12 17:58 - 2016-03-23 13:33 - 0000270 _____ () C:\ProgramData\HPWALog.txt
2009-09-25 08:48 - 2009-09-25 08:48 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-14 20:16 - 2009-08-14 20:16 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-09-25 08:47 - 2009-09-25 08:47 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-14 20:10 - 2009-08-14 20:12 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-09-25 08:46 - 2009-09-25 08:46 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-09-25 08:47 - 2009-09-25 08:47 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-14 20:10 - 2009-08-14 20:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-14 20:12 - 2009-08-14 20:16 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-09-25 08:48 - 2009-09-25 08:48 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some files in TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8jidyr.dll
C:\Users\Kevin\AppData\Local\Temp\GURC9EF.exe
C:\Users\Kevin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kevin\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Marlene\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-27 23:55

==================== End of FRST.txt ============================

#9 satchfan

satchfan

  • Malware Response Team
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 23 March 2016 - 10:20 AM

Please also post Addition.txt which should also be on your desktop.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 myRiad_spartans

myRiad_spartans
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Midlands, United Kingdom
  • Local time:10:23 AM

Posted 23 March 2016 - 11:23 AM

The forum isn't letting me attach the additional log so I will post the contents here.

Windows 7 Additional

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Marlene (2016-03-23 14:21:45)
Running from C:\Users\Marlene\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-12 17:48:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3688857076-792490274-234704465-500 - Administrator - Disabled)
Guest (S-1-5-21-3688857076-792490274-234704465-501 - Limited - Enabled) => C:\Users\Guest
Kevin (S-1-5-21-3688857076-792490274-234704465-1004 - Limited - Enabled) => C:\Users\Kevin
Marlene (S-1-5-21-3688857076-792490274-234704465-1001 - Administrator - Enabled) => C:\Users\Marlene
Mcx1-MARLENE-PC (S-1-5-21-3688857076-792490274-234704465-1012 - Limited - Enabled) => C:\Users\Mcx1-MARLENE-PC
Xbox Live Player (S-1-5-21-3688857076-792490274-234704465-1005 - Administrator - Enabled) => C:\Users\Xbox Live Player

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3ivx MPEG-4 5.0.3 (remove only) (HKLM-x32\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
AOL Toolbar 5.0 (HKLM-x32\...\AOL Toolbar) (Version: 5.2.78.2 - AOL LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.0.45.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Driving Test Success - All Tests 2011 Edition (Update 3) (HKLM-x32\...\Driving Test Success - All Tests_is1) (Version: 15.0 - Imagitech Ltd.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
EaseUS Partition Master 10.5 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EaseUS Todo Backup Free 8.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.2 - CHENGDU YIWO Tech Development Co., Ltd)
EDELWEISS (HKLM-x32\...\EDELWEISS) (Version: - MANGA GAMER)
EDELWEISS Eiden Fantasia (HKLM-x32\...\EDELWEISS Eiden Fantasia) (Version: - MANGA GAMER)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Eroge! ~Sex and Games Make Sexy Games~ (HKLM-x32\...\Eroge! ~Sex and Games Make Sexy Games~_is1) (Version: 1.0 - MangaGamer)
ESDX4800_4200 User's Guide (HKLM-x32\...\ESDX4800_4200 User's Guide) (Version: - )
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 1.0.0.7153 (HKLM-x32\...\{8C61886F-D069-46EF-A58A-76B17415D0B0}) (Version: 1.0.7153 - Skype Limited)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow [rev 3119] [2009-10-27] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Harem Party (HKLM-x32\...\{71A06EF1-7911-491C-ADC6-A245BA24651B}) (Version: 1.00.0000 - NEXTON)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.2.6908 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.13.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0148 (HKLM-x32\...\{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}) (Version: 1.01.0005 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.1.0 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6284.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2021 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodi (HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Kodi) (Version: - XBMC-Foundation)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 8.2 - EasyBits Software AS)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
McAfee Social Protection Beta (HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\McafeeSocialProtectionBeta) (Version: 1.4.0.225 - McAfee Social Protection Beta Installer)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.183 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Kinect 1.0 Beta2 SDK (HKLM\...\{BB8DB4E0-F448-4637-9D87-9FD57D1288D2}) (Version: 1.0.0.45 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
Octoshape Streaming Services (HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Plex Media Server (HKLM-x32\...\{ca5910de-4c30-4f28-b6bd-5dd8edff922d}) (Version: 0.9.1211 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1211 - Plex, Inc.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SkyPlayer for Windows Media Center (HKLM-x32\...\{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}) (Version: 3.4.3.0 - Microsoft Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Unity Web Player (HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebEx (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.30 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.14 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WordPress.com (HKLM-x32\...\WordPress.com) (Version: - Automattic, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A2EB9E9-957B-4831-8BC0-F5F51720C5AA} - System32\Tasks\{F6339ED3-47DB-4B5A-9BC9-73B5F6A17651} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-02-10] (Skype Technologies S.A.)
Task: {0C32DC80-53D1-47AB-B674-7551107F0C47} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {0F04C7FA-20B2-4599-9F8B-43BDC99BF841} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-04] (AVAST Software)
Task: {0F977A4F-F4D2-4FB9-85E0-447DFB18D1DD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10] (Adobe Systems Incorporated)
Task: {102F7494-5696-4A79-9A52-0DE71441D4E4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {2B12D089-C960-456E-A680-8401B1F79A2B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3688857076-792490274-234704465-1001
Task: {30B137C3-62DD-45DD-85EC-974C36CC2624} - System32\Tasks\{2684C8DF-20C2-4ECA-8EC0-5331212EAD72} => pcalua.exe -a E:\2085工具(Tool)\ENGLISH\Repair\DRIVER\MDiskSetUNI.exe -d E:\2085工具(Tool)\ENGLISH\Repair\DRIVER
Task: {360A6B6F-DCF7-4B07-9B85-6C58D23C5E75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-12-16] (Microsoft)
Task: {387BC281-A804-43BD-8EE9-EDC03C7A4C38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3E5FC994-DC6E-4DC4-B372-E52E29557A07} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {3E898D49-E527-4E8C-9B04-62B5D4D32EEB} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MARLENE-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {4ABF881D-1B82-463E-9ABF-48A1BEE3EC27} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004UA => C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-23] (Google Inc.)
Task: {6C84FD16-02EE-4DE8-B3FE-1C3FF5530F07} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004Core => C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-23] (Google Inc.)
Task: {6CF98D01-38D0-4101-A035-2DEF5D2F542E} - System32\Tasks\{138C4E6B-E80A-465B-8997-1994A286CA75} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {70CA950E-F381-4BC6-8DB4-D7A5B3586235} - System32\Tasks\SafeZone scheduled Autoupdate 1458659006 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {8B97F346-D8BF-4F56-89B7-96FDC67EBE5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9142A605-6E75-4712-AEB4-FD9C66432FF8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1001UA => C:\Users\Marlene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {B57196F0-01D2-4C7A-A13E-4F11F6CA093F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3688857076-792490274-234704465-1004
Task: {BBE507D5-47A6-4A9E-AA53-4AF60A951657} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-12-16] (Microsoft)
Task: {BD07BFFC-D234-466F-9DA5-95F2AB2183A9} - System32\Tasks\Norton Security Scan for Marlene => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {BD773220-AF96-453A-9A05-721E8F6BF811} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004Core => C:\Users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {CC085C17-93D8-49CF-B22D-02431E10D8DB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-25] (Dropbox, Inc.)
Task: {D846DEF5-7949-4848-B12A-CDFD393C9F58} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-25] (Dropbox, Inc.)
Task: {DBDF7A9A-3FEA-4415-94EB-D03673B72FB8} - System32\Tasks\HPCeeScheduleForMarlene => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {DFEA927D-4A13-45E6-A691-174B8CD20662} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1001Core => C:\Users\Marlene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {FEE7DD22-618B-4EB7-B1A8-EDB2939FCB32} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004UA => C:\Users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1001Core.job => C:\Users\Marlene\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1001UA.job => C:\Users\Marlene\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004Core.job => C:\Users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004UA.job => C:\Users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004Core.job => C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3688857076-792490274-234704465-1004UA.job => C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMarlene.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for Marlene.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-01 12:32 - 2014-06-01 12:32 - 00773192 _____ () C:\Windows\SysWOW64\ezUPBHook64.dll
2011-05-06 12:07 - 2011-05-06 12:07 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
2011-05-06 11:58 - 2011-05-06 11:58 - 01085440 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
2009-08-14 20:16 - 2009-01-21 18:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-03-04 17:15 - 2016-03-04 17:15 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-04 17:15 - 2016-03-04 17:15 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-22 22:15 - 2016-03-22 22:15 - 02857472 _____ () C:\Program Files\AVAST Software\Avast\defs\16032201\algo.dll
2016-03-04 17:15 - 2016-03-04 17:15 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-23 13:10 - 2016-03-23 13:10 - 02857472 _____ () C:\Program Files\AVAST Software\Avast\defs\16032301\algo.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-05-12 08:51 - 2015-03-14 10:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-05-12 08:51 - 2015-03-14 10:54 - 00281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-05-12 08:51 - 2015-03-14 10:54 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-05-12 08:51 - 2015-03-14 10:54 - 00759848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-05-12 08:51 - 2014-12-14 23:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
2011-05-06 12:07 - 2011-05-06 12:07 - 04317184 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
2011-05-06 12:02 - 2011-05-06 12:02 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
2010-10-26 07:34 - 2010-10-26 07:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
2010-10-25 23:37 - 2010-10-25 23:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00175616 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00291840 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00110592 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2016-01-03 17:12 - 2016-01-03 17:12 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1CBD84AA [144]
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [143]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\bestpathsecurity.com -> bestpathsecurity.com
IE restricted site: HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\uni.me -> hxxp://www92.ethnicdish.uni.me

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2016-02-16 14:30 - 00000862 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3688857076-792490274-234704465-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marlene\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 217.12.218.15 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: BingDesktopUpdate => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{085AD488-486F-45D5-9836-C0E4B1EA1B05}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{CF80FD19-A7EF-48B6-A1BD-E46161906188}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{48CD275D-D82D-472E-B5FB-C8266DFEFF80}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{27B159D3-AA57-4AF2-819B-0509247200AA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3256B919-9E3E-42F7-B3A0-C13E23253428}] => (Allow) svchost.exe
FirewallRules: [{EBB91CE5-5E5C-46FB-8735-8C6A9539188E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{828B4EEF-7F6C-405B-976A-3AF38809EE19}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C405E389-592E-4CBE-9769-B01BCC3AC38B}] => (Allow) LPort=2869
FirewallRules: [{FF441129-39D1-4476-BB29-8FC7B0812DF0}] => (Allow) LPort=1900
FirewallRules: [{9C9D0C31-881F-4B27-907A-D0F0EC6052B8}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{3EE78325-2CCC-4A77-9410-C4479C558A10}] => (Allow) C:\Users\Marlene\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{8719B7E9-3681-4A4B-A28E-F9CBD5158D82}] => (Allow) LPort=24726
FirewallRules: [{BEE687B2-187D-4468-AC7C-E1D15E41BFB8}] => (Allow) LPort=24727
FirewallRules: [{366F4012-84B7-49E2-A047-3C0C76655075}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{053CD9DF-5C20-489D-8839-18E66DDC46B6}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [TCP Query User{8FE5A9A0-D424-4E0C-B366-EFB6329E3E65}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{3B308D51-3CE5-49C7-B192-EA1501D160C9}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{05384A00-45E4-408A-81C0-1CF490B9FE32}] => (Allow) C:\Users\Xbox Live Player\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{EFD4CE37-5848-4B8F-8A4D-8B9DFE596A99}] => (Allow) C:\Users\Xbox Live Player\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F69A6D59-C1B0-4F7B-8E0B-450C16751F3F}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{F5E8A97F-96AD-439C-B400-5BA37E0297C3}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{A94AB10F-05D5-49CA-A39B-549F6C54E844}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{796651F9-6D4A-4A47-A5DB-9E445A283BF9}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3FFC5FEF-FF5C-41E5-BBF2-E210691AFB29}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{E231D03B-3D39-443E-A64C-EAEA23D49721}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{C43D4310-6009-4BA6-9191-B4D80B67E691}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{B8F1CC98-49BE-457D-887E-A4A94C80EE84}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{298BB893-5279-4F8E-A0CA-C67117976D24}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{F15E5FBF-D96A-489A-B3F1-019B020878D3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{D9642B97-B68E-4788-873B-BA05A61FB501}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{212368B8-B604-4C5C-80FA-752AAA9EE875}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{75BF6618-2E30-4C4A-9C84-DC5E576AFD59}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{76F5DB0F-DD04-4686-A651-B38B2C272980}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{3B9C4AD0-E9B1-4D40-8725-7414FB2BEB78}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{B5DA3E4F-E4DB-497E-9893-16678E5F61B5}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{29D9D868-B9FA-4EBE-9305-81FEA5BDF7AF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{01096E7F-163A-449C-AC28-91342A3B790D}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [TCP Query User{75438FE6-D6F5-4F34-921D-238F2AFFB73B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{FB6017FD-9EF5-4FE7-B7D7-FED94534A85F}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{0AC493CD-4124-4715-873A-F61D334AB3DA}C:\users\kevin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Block) C:\users\kevin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [UDP Query User{26944CED-767F-4E9C-99FE-82371AC8C771}C:\users\kevin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Block) C:\users\kevin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{67ADEF9D-4074-450E-92A1-0900FDE8CF85}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B85F3080-1863-4A38-B0D6-04ECA080E1B1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E0B364F0-732D-44FD-B6A1-68AC7A2FEF29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C336FE8-347E-473E-B380-E8FCB27EE5AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BDC4C91B-B121-403C-A5AC-43C59B8AF961}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BDE7F5D7-03A4-4C90-8EF4-38A6F6658DB1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BA1FE29F-CA50-44D4-84D2-DF9FC27B6438}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

22-03-2016 15:10:42 Windows Update
23-03-2016 13:22:29 Windows Update
23-03-2016 13:52:28 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2016 01:52:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {03e0c37f-60ec-4b75-981a-2bfce83c63cb}

Error: (03/23/2016 01:22:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {f9977ef7-52c4-4287-bb06-d8fc4ffc1ceb}

Error: (03/23/2016 01:13:16 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (5012) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (03/23/2016 01:13:16 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (5012) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (03/22/2016 06:32:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4119

Error: (03/22/2016 06:32:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4119

Error: (03/22/2016 06:32:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/22/2016 06:32:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3089

Error: (03/22/2016 06:32:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3089

Error: (03/22/2016 06:32:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/23/2016 01:19:16 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/23/2016 01:19:16 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/23/2016 01:16:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/23/2016 01:11:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The FlipShare Service service hung on starting.

Error: (03/23/2016 01:10:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.

Error: (03/23/2016 01:10:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.

Error: (03/23/2016 01:08:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (03/23/2016 01:08:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Error: (03/22/2016 03:47:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/22/2016 03:41:46 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004


CodeIntegrity:
===================================
Date: 2015-02-19 15:35:59.911
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCCCB9.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-19 15:35:59.908
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCCCB9.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-19 15:35:59.837
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCCCB9.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-19 15:35:58.513
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCCCB9.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-01 13:43:09.193
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC531E.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-01 13:43:09.150
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC531E.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-01 13:43:09.072
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC531E.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-01 13:43:08.986
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC531E.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-27 16:08:54.154
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC4CB8.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-27 16:08:54.085
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC4CB8.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 70%
Total physical RAM: 3998.93 MB
Available physical RAM: 1178.13 MB
Total Virtual: 7996.04 MB
Available Virtual: 4269.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.3 GB) (Free:53.76 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.59 GB) (Free:2.09 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: DF91873D)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#11 satchfan

satchfan

  • Malware Response Team
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 23 March 2016 - 12:07 PM

There has been a LOT of junk dealt with so let’s clean up a bit more.


Reset the Router

Let’s try to reset the router to its default configuration.

  • this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labelled "reset" located on the back of the router.
  • press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • if you don’t know the router's default password, you can look it up. here
  • you also need to reconfigure any security settings you had in place prior to the reset.
  • you may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.


ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Marlene\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)
URLSearchHook: HKU\S-1-5-21-3688857076-792490274-234704465-1001 - (No Name) - {f864ba3f-9878-458a-ba2b-dad32bcbc472} - No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {AC3F49B1-2912-4F76-81AB-624EA7E8F491} URL = hxxp://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
SearchScopes: HKLM -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\.DEFAULT -> DefaultScope {3F243AB0-5236-4FF5-8D2D-E67022440788} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\.DEFAULT -> {3F243AB0-5236-4FF5-8D2D-E67022440788} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> DefaultScope {98DA51C4-65D6-44F5-9ECE-F5B117EECDF2} URL = hxxps://www.google.co.uk/#q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {05664F42-5FBE-44D7-ADFA-F792611BFA68} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C014GB499D20151204&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {95981329-F311-48AD-B02D-7540FB6F3276} URL = hxxp://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {98DA51C4-65D6-44F5-9ECE-F5B117EECDF2} URL = hxxps://www.google.co.uk/#q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO-x32: No Name -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:1CBD84AA [144]
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [143]
IE restricted site: HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\bestpathsecurity.com -> bestpathsecurity.com
IE restricted site: HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\uni.me -> hxxp://www92.ethnicdish.uni.me
C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Check the router

  • open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
    @echo off
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    start Log1.txt
    del %0
    
  • save this as router.bat
  • choose to Save type as - All Files and where to save – Desktop - then close the Notepad file.
  • double-click on router.bat to run it. it will open notepad when done please post back the results.

Logs to include with next post:

router.bat result
Fixlog.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#12 myRiad_spartans

myRiad_spartans
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Midlands, United Kingdom
  • Local time:10:23 AM

Posted 25 March 2016 - 12:16 PM

The fake ads have gone now. Thank you. Here are the logs that you requested:

 

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Marlene (2016-03-25 14:35:11) Run:1
Running from C:\Users\Marlene\Desktop
Loaded Profiles: Marlene (Available Profiles: Marlene & Kevin & Xbox Live Player & Mcx1-MARLENE-PC & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Marlene\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)
URLSearchHook: HKU\S-1-5-21-3688857076-792490274-234704465-1001 - (No Name) - {f864ba3f-9878-458a-ba2b-dad32bcbc472} - No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {AC3F49B1-2912-4F76-81AB-624EA7E8F491} URL = hxxp://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
SearchScopes: HKLM -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\.DEFAULT -> DefaultScope {3F243AB0-5236-4FF5-8D2D-E67022440788} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\.DEFAULT -> {3F243AB0-5236-4FF5-8D2D-E67022440788} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> DefaultScope {98DA51C4-65D6-44F5-9ECE-F5B117EECDF2} URL = hxxps://www.google.co.uk/#q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {05664F42-5FBE-44D7-ADFA-F792611BFA68} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C014GB499D20151204&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {95981329-F311-48AD-B02D-7540FB6F3276} URL = hxxp://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {98DA51C4-65D6-44F5-9ECE-F5B117EECDF2} URL = hxxps://www.google.co.uk/#q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688857076-792490274-234704465-1001 -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO-x32: No Name -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:1CBD84AA [144]
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [143]
IE restricted site: HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\bestpathsecurity.com -> bestpathsecurity.com
IE restricted site: HKU\S-1-5-21-3688857076-792490274-234704465-1001\...\uni.me -> hxxp://www92.ethnicdish.uni.me
C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
C:\Users\Marlene\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe => not found.
HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f864ba3f-9878-458a-ba2b-dad32bcbc472} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC3F49B1-2912-4F76-81AB-624EA7E8F491}" => key removed successfully
HKCR\CLSID\{AC3F49B1-2912-4F76-81AB-624EA7E8F491} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F9FC1670-8AD8-4BDC-8E58-56EB224739CA}" => key removed successfully
HKCR\CLSID\{F9FC1670-8AD8-4BDC-8E58-56EB224739CA} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F9FC1670-8AD8-4BDC-8E58-56EB224739CA}" => key removed successfully
HKCR\Wow6432Node\CLSID\{F9FC1670-8AD8-4BDC-8E58-56EB224739CA} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3F243AB0-5236-4FF5-8D2D-E67022440788}" => key removed successfully
HKCR\CLSID\{3F243AB0-5236-4FF5-8D2D-E67022440788} => key not found.
HKU\S-1-5-21-3688857076-792490274-234704465-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3688857076-792490274-234704465-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05664F42-5FBE-44D7-ADFA-F792611BFA68}" => key removed successfully
HKCR\CLSID\{05664F42-5FBE-44D7-ADFA-F792611BFA68} => key not found.
"HKU\S-1-5-21-3688857076-792490274-234704465-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95981329-F311-48AD-B02D-7540FB6F3276}" => key removed successfully
HKCR\CLSID\{95981329-F311-48AD-B02D-7540FB6F3276} => key not found.
"HKU\S-1-5-21-3688857076-792490274-234704465-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{98DA51C4-65D6-44F5-9ECE-F5B117EECDF2}" => key removed successfully
HKCR\CLSID\{98DA51C4-65D6-44F5-9ECE-F5B117EECDF2} => key not found.
"HKU\S-1-5-21-3688857076-792490274-234704465-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F9FC1670-8AD8-4BDC-8E58-56EB224739CA}" => key removed successfully
HKCR\CLSID\{F9FC1670-8AD8-4BDC-8E58-56EB224739CA} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}" => key removed successfully
HKCR\Wow6432Node\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} => key not found.
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
eabfiltr => service removed successfully
RtsUIR => service removed successfully
USBCCID => service removed successfully
C:\ProgramData\Temp => ":1CBD84AA" ADS removed successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
"HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestpathsecurity.com" => key removed successfully
"HKU\S-1-5-21-3688857076-792490274-234704465-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uni.me" => key removed successfully
C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log => moved successfully
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log => moved successfully
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully
C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log => moved successfully
C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log => moved successfully
C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log => moved successfully

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

 

Log1

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Marlene-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dlink.com

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : dlink.com
   Description . . . . . . . . . . . : Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 90-4C-E5-08-04-EF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1036:1284:b18:6227%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 25 March 2016 11:57:35 AM
   Lease Expires . . . . . . . . . . : 26 March 2016 03:28:34 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 301999710
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-6E-45-DA-00-00-00-00-00-00
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : dlink.com
   Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-00-00-00-00-00
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 34:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5cf2:8410:106d:30b3:3f57:fef8(Preferred)
   Link-local IPv6 Address . . . . . : fe80::106d:30b3:3f57:fef8%38(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.dlink.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : dlink.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com.dlink.com
Address:  92.242.132.16

Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com.dlink.com
Address:  92.242.132.16

Pinging google.com [216.58.213.110] with 32 bytes of data:
Reply from 216.58.213.110: bytes=32 time=125ms TTL=54
Reply from 216.58.213.110: bytes=32 time=111ms TTL=54

Ping statistics for 216.58.213.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 111ms, Maximum = 125ms, Average = 118ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=202ms TTL=50
Reply from 98.139.183.24: bytes=32 time=142ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 142ms, Maximum = 202ms, Average = 172ms
===========================================================================
Interface List
 11...90 4c e5 08 04 ef ......Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
 10...00 00 00 00 00 00 ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 38...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 40...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.7     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.7    281
      192.168.1.7  255.255.255.255         On-link       192.168.1.7    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.7    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.7    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.7    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 38     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 38     58 2001::/32                On-link
 38    306 2001:0:5cf2:8410:106d:30b3:3f57:fef8/128
                                    On-link
 11    281 fe80::/64                On-link
 38    306 fe80::/64                On-link
 11    281 fe80::1036:1284:b18:6227/128
                                    On-link
 38    306 fe80::106d:30b3:3f57:fef8/128
                                    On-link
  1    306 ff00::/8                 On-link
 38    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None



#13 satchfan

satchfan

  • Malware Response Team
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 25 March 2016 - 12:30 PM

That all looks good.

I’d like you to run one more scan and if that is clear and you’re happy that this computer is OK we’ll start on the Windows 10 machine.

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it, (“Update” tab}
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#14 myRiad_spartans

myRiad_spartans
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Midlands, United Kingdom
  • Local time:10:23 AM

Posted 26 March 2016 - 03:02 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 26/03/2016
Scan Time: 05:25 PM
Logfile: mbyteslog16.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.03.26.04
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marlene
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 600047
Time Elapsed: 1 hr, 37 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 14
PUP.Optional.MindSpark, HKU\S-1-5-21-3688857076-792490274-234704465-1004\SOFTWARE\APPDATALOW\SOFTWARE\CieoNetUtilities_0e, Quarantined, [16465d2f1b7e3afc223d30f4897b27d9], 
PUP.Optional.MyWebSearch, HKU\S-1-5-21-3688857076-792490274-234704465-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFAB9EC5-7889-45C9-B6FA-5D19CCFEA2D2}, Quarantined, [8dcfef9db0e93402e68a2dfb3ec6837d], 
PUP.Optional.ASK, HKU\S-1-5-21-3688857076-792490274-234704465-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3ED778CD-1535-4C54-9057-08339B99E0D7}, Quarantined, [73e93359bbdee65044be2e64aa5a57a9], 
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-1004\SOFTWARE\ONE SYSTEM CARE, Quarantined, [005cee9eecad270ff618bf6bb54ffb05], 
PUP.Optional.MindSpark, HKU\S-1-5-21-3688857076-792490274-234704465-1005\SOFTWARE\APPDATALOW\SOFTWARE\CieoNetUtilities_0e, Quarantined, [5ffdbbd15f3ae94d2f30df45857ff50b], 
PUP.Optional.MyWebSearch, HKU\S-1-5-21-3688857076-792490274-234704465-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFAB9EC5-7889-45C9-B6FA-5D19CCFEA2D2}, Quarantined, [c19bccc0debb14224f2120087e862dd3], 
PUP.Optional.ASK, HKU\S-1-5-21-3688857076-792490274-234704465-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3ED778CD-1535-4C54-9057-08339B99E0D7}, Quarantined, [d08cfb917227d561a959e0b212f252ae], 
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-1005\SOFTWARE\ONE SYSTEM CARE, Quarantined, [520a8c00b8e1a2948a84c961798b13ed], 
PUP.Optional.MindSpark, HKU\S-1-5-21-3688857076-792490274-234704465-1012\SOFTWARE\APPDATALOW\SOFTWARE\CieoNetUtilities_0e, Quarantined, [88d4d5b710892214e67925ff13f1e31d], 
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-1012\SOFTWARE\ONE SYSTEM CARE, Quarantined, [124a99f3d3c674c2709ef13930d47c84], 
PUP.Optional.MindSpark, HKU\S-1-5-21-3688857076-792490274-234704465-501\SOFTWARE\APPDATALOW\SOFTWARE\CieoNetUtilities_0e, Quarantined, [d08c94f8b4e5bd797be46bb99b6902fe], 
PUP.Optional.MyWebSearch, HKU\S-1-5-21-3688857076-792490274-234704465-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFAB9EC5-7889-45C9-B6FA-5D19CCFEA2D2}, Quarantined, [e676a3e91881e2546a06fb2d56aeaa56], 
PUP.Optional.ASK, HKU\S-1-5-21-3688857076-792490274-234704465-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3ED778CD-1535-4C54-9057-08339B99E0D7}, Quarantined, [c09c6f1d6a2fa096da28870bde262dd3], 
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-501\SOFTWARE\ONE SYSTEM CARE, Quarantined, [72ea107c3a5f4beb14fa78b259abeb15], 
 
Registry Values: 18
PUP.Optional.MyWebSearch, HKU\S-1-5-21-3688857076-792490274-234704465-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}|URL, http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YUxdm002YYgb&ptb=7E29705A-5E77-480A-938A-22965BCCFE80&ind=2012070511&ptnrS=YUxdm002YYgb&si=translateye&n=77edc26f&psa=&st=sb&searchfor={searchTerms}, Quarantined, [8dcfef9db0e93402e68a2dfb3ec6837d]
PUP.Optional.ASK, HKU\S-1-5-21-3688857076-792490274-234704465-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3ED778CD-1535-4C54-9057-08339B99E0D7}|URL, http://websearch.ask.com/redirect?client=ie&tb=FTB&o=41648107&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=9D&apn_dtid=YYYYYYYYGB&apn_uid=51A4C060-9097-4AB8-92E7-17394EBE8D78&apn_sauid=A6A8FCC4-9527-4A46-B1F5-13FBA4C6A6D3, Quarantined, [73e93359bbdee65044be2e64aa5a57a9]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-1004\SOFTWARE\ONE SYSTEM CARE|OSID, 6.1, Quarantined, [005cee9eecad270ff618bf6bb54ffb05]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-1004\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002084/DriverPro.exe, Quarantined, [64f8503ccdcc48ee838a7caeb54f24dc]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-1004\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://dl.softservers.net/171002084/LiveSupport.exe, Quarantined, [4517b5d766337cba2ce151d9c73dc53b]
PUP.Optional.MyWebSearch, HKU\S-1-5-21-3688857076-792490274-234704465-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}|URL, http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YUxdm002YYgb&ptb=7E29705A-5E77-480A-938A-22965BCCFE80&ind=2012070511&ptnrS=YUxdm002YYgb&si=translateye&n=77edc26f&psa=&st=sb&searchfor={searchTerms}, Quarantined, [c19bccc0debb14224f2120087e862dd3]
PUP.Optional.ASK, HKU\S-1-5-21-3688857076-792490274-234704465-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3ED778CD-1535-4C54-9057-08339B99E0D7}|URL, http://websearch.ask.com/redirect?client=ie&tb=FTB&o=41648107&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=9D&apn_dtid=YYYYYYYYGB&apn_uid=51A4C060-9097-4AB8-92E7-17394EBE8D78&apn_sauid=A6A8FCC4-9527-4A46-B1F5-13FBA4C6A6D3, Quarantined, [d08cfb917227d561a959e0b212f252ae]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-1005\SOFTWARE\ONE SYSTEM CARE|OSID, 6.1, Quarantined, [520a8c00b8e1a2948a84c961798b13ed]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-1005\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002084/DriverPro.exe, Quarantined, [dc80fe8e8613b284ed202604e32102fe]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-1005\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://dl.softservers.net/171002084/LiveSupport.exe, Quarantined, [b3a9d7b58d0ca492ff0e45e533d1d62a]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-1012\SOFTWARE\ONE SYSTEM CARE|OSID, 6.1, Quarantined, [124a99f3d3c674c2709ef13930d47c84]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-1012\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002084/DriverPro.exe, Quarantined, [95c7cebed8c100366e9fbf6b22e2966a]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-1012\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://dl.softservers.net/171002084/LiveSupport.exe, Quarantined, [69f3c3c9b2e72c0a55b8d75359ab649c]
PUP.Optional.MyWebSearch, HKU\S-1-5-21-3688857076-792490274-234704465-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}|URL, http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YUxdm002YYgb&ptb=7E29705A-5E77-480A-938A-22965BCCFE80&ind=2011090505&ptnrS=YUxdm002YYgb&si=translateye&n=77dece49&psa=&st=sb&searchfor={searchTerms}, Quarantined, [e676a3e91881e2546a06fb2d56aeaa56]
PUP.Optional.ASK, HKU\S-1-5-21-3688857076-792490274-234704465-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3ED778CD-1535-4C54-9057-08339B99E0D7}|URL, http://websearch.ask.com/redirect?client=ie&tb=FTB&o=41648107&src=kw&q={searchTerms}&locale=&apn_ptnrs=9D&apn_dtid=YYYYYYYYGB&apn_uid=51A4C060-9097-4AB8-92E7-17394EBE8D78&apn_sauid=A6A8FCC4-9527-4A46-B1F5-13FBA4C6A6D3, Quarantined, [c09c6f1d6a2fa096da28870bde262dd3]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-501\SOFTWARE\ONE SYSTEM CARE|OSID, 6.1, Quarantined, [72ea107c3a5f4beb14fa78b259abeb15]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-501\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002084/DriverPro.exe, Quarantined, [0d4f602c7d1cc47288855ecc44c07c84]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3688857076-792490274-234704465-501\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://dl.softservers.net/171002084/LiveSupport.exe, Quarantined, [92ca54382574bb7bd835200a12f217e9]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
Rogue.Link, C:\Users\Kevin\Favorites\Free Porn Forum.url, Quarantined, [5a028903efaaf73ff7f10165b84bb848], 
Rogue.Link, C:\Users\Kevin\Favorites\Free Porn Video Blog.url, Quarantined, [9bc1fb91a9f0c373618732341ce742be], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#15 satchfan

satchfan

  • Malware Response Team
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 26 March 2016 - 06:52 PM

AdwCleaner should have dealt with those so we need another look.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • double-click SystemLook.exe to run it.
  • copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning.:
    :filefind
    *MindSpark*
    *My Web Search*
    *MyWebSearch*
    *OneSystemCare*
    
    :folderfind
    *MindSpark*
    My Web Search
    *MyWebSearch*
    *OneSystemCare*
    
    :Regfind
    MindSpark
    My Web Search
    MyWebSearch
    OneSystemCare
    
  • click the Look button to start the scan.
  • when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users