Infected with some sort of Malware/Ransomware



#1 lel1120

Posted 20 April 2016 - 04:21 PM

Hello... My computer was infected on Monday evening (in the middle of the night). I wasn't even on the computer, but the next morning I awoke to a Notepad message with the malware/ransomware...
 
I ran Malwarebytes and have removed the malware/ransomware (I think!) but now all of my files are .crypted
 
I tried the simple task of renaming a few of the files and am able to, but they will not open by just doing that.
 
I ran the suggested FRST and please see attached Notepad:
 
TIA for any help!!
-Lindsay
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-04-2016
Ran by Lindsay (administrator) on LINDSAY-PC (20-04-2016 13:59:45)
Running from C:\Users\Lindsay\Downloads
Loaded Profiles: Lindsay (Available Profiles: Lindsay)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
( ) C:\Windows\System32\dlcjcoms.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SwapDrive, Inc.) C:\Program Files\Online Backup\OnlineBackup.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\Hp\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Belkin\F1U201.401\usbshare.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [622592 2006-12-18] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2006-07-19] (Brother Industries, Ltd.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [675840 2008-08-01] (Sonix)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-11-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [BrowserAppCoreService] => C:\Users\Lindsay\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe [49152 2013-08-26] (ShopAtHome.com)
HKLM\...\Run: [ATT_McciTrayApp] => "C:\Program Files\ATT\8.4.1.11\ma\bin\pcTrayApp.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [@BackupScheduler] => C:\Program Files\Online Backup\OnlineBackup.exe [611768 2007-09-20] (SwapDrive, Inc.)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\Hp\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [2427400 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [GoogleChromeAutoLaunch_992BA959EE9962246D5D731966759E72] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [Crypted] => C:\Users\Lindsay\AppData\Local\Temp\a.txt <===== ATTENTION
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [**5b7f285d<*>] => C:\Users\Lindsay\AppData\Local\ywuv\G2uUB.GjHytT <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [Umdrmedia] => C:\Users\Lindsay\AppData\Local\Umdrmedia\a2.exe
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [ARCworks] => C:\Windows\System32\regsvr32.exe C:\Users\Lindsay\AppData\Local\Umdrmedia\gkjnyqjd.dll
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [Udqmedia] => regsvr32.exe C:\Users\Lindsay\AppData\Local\Udqmedia\rjkvynws.dll <===== ATTENTION
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\RunOnce: [Application Restart #3] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\MountPoints2: {99a7cd71-5e96-11dc-be60-8000131432f2} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Lindsay\AppData\Local\Umdrmedia\rnlcugwd.dll ATTENTION
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION
 
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION
HKU\S-1-5-18\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2007-10-12]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\F1U201.401.lnk [2008-06-13]
ShortcutTarget: F1U201.401.lnk -> C:\Program Files\Belkin\F1U201.401\usbshare.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-10-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2008-03-18]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2008-09-29]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5D397078-D39D-4699-93C7-15D8C45D702E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5F65C9C6-74BA-41CE-927B-79616BFA11A0}: [DhcpNameServer] 192.168.0.1 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*hxxp://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*hxxp://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKLM -> {61FBACB3-E8CE-4F01-8815-2BC6B991FA77} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVNUS7
SearchScopes: HKLM -> {B03AA86A-D1DF-4705-89C1-8BF7BD02F118} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {19F2B849-4ADE-4d4b-85F9-C31C643DBDE9} URL = hxxp://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=4&tid={5348328E-801C-4593-B46A-D695BC064081}
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {21A5A706-4507-4BAE-88F8-D6F63671CB22} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {2C7390BE-6D43-4F63-983E-F8AD11424426} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {3A8B0D16-D90D-4090-985E-E3A3D7289769} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {57C89EB0-EF8F-4699-86D5-FE8801218B2C} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {61FBACB3-E8CE-4F01-8815-2BC6B991FA77} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVNUS7
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {790880C7-573A-4DAF-9349-BAB2CDE6AF8A} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {9748A70E-2C34-4E6D-B368-81C214721410} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {AD43A510-0817-11DE-A4D6-59A755D89593} URL = hxxp://search.yahoo.com/search?ei=utf-8&fr=bfg&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {B03AA86A-D1DF-4705-89C1-8BF7BD02F118} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-28] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\f065acs5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-01-11] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2012-10-16] (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1078577255-633202429-3496206462-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Lindsay\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2007-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2007-11-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2007-11-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2007-11-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2007-11-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2007-11-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2007-11-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2007-11-30] (Apple Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\f065acs5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2007-11-25] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-31] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Search by Image (by Google)) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Pin It Button) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
CHR HKLM\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1078577255-633202429-3496206462-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ddpocmpoechljihmgemoaahhmadaenbc] - <no Path\update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2007-03-28] () [File not signed]
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2007-03-28] () [File not signed]
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-01-09] (Hewlett-Packard Development Company, L.P.) [File not signed]
S4 dlbf_device; C:\Windows\system32\dlbfcoms.exe [538096 2007-03-09] ( )
R2 dlcj_device; C:\Windows\system32\dlcjcoms.exe [537480 2006-11-17] ( )
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HPSLPSVC; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2013-10-18] (Enigma Software Group USA, LLC.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 AT&T Troubleshoot & Resolve; "C:\Program Files\ATT\8.4.1.11\ma\bin\MAHostService.exe" [X]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R0 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2012-04-26] (Oak Technology Inc.) [File not signed]
S3 APL531; C:\Windows\System32\Drivers\ov550i.sys [596480 2007-04-10] (Omnivision Technologies, Inc.) [File not signed]
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [148992 2006-12-12] (Conexant Systems Inc.) [File not signed]
S3 KLIF; C:\Windows\system32\drivers\klif.sys [148496 2009-03-16] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-04-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 RimSerPort; C:\Windows\System32\DRIVERS\RimSerial.sys [18432 2005-08-16] (Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482240 2009-06-09] ()
S3 SUSTUCAM; C:\Windows\System32\DRIVERS\sustucam.sys [47360 2009-11-25] (Susteen, Inc.)
S3 SUSTUCAP; C:\Windows\System32\DRIVERS\sustucap.sys [47360 2009-11-25] (Susteen, Inc.)
S3 SUSTUCAU; C:\Windows\System32\DRIVERS\sustucau.sys [28032 2009-11-25] (Susteen, Inc.)
R3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [104064 2007-11-25] (Microsoft Corporation) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 BLKWGU(Belkin); system32\DRIVERS\BLKWGU.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U2 WZCSVC; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-20 13:58 - 2016-04-20 13:58 - 00000829 ____C C:\Users\Lindsay\Desktop\FRST - Shortcut.lnk
2016-04-20 12:20 - 2016-04-20 12:24 - 00336456 ____C C:\Users\Lindsay\Downloads\Addition.txt
2016-04-20 12:17 - 2016-04-20 13:59 - 00031036 ____C C:\Users\Lindsay\Downloads\FRST.txt
2016-04-20 12:15 - 2016-04-20 12:15 - 01726464 ____C (Farbar) C:\Users\Lindsay\Downloads\FRST (1).exe
2016-04-20 12:13 - 2016-04-20 13:59 - 00000000 ___DC C:\FRST
2016-04-20 12:13 - 2016-04-20 12:13 - 01726464 ____C (Farbar) C:\Users\Lindsay\Downloads\FRST.exe
2016-04-20 12:08 - 2016-04-20 12:08 - 01355144 ____C (Emsisoft Ltd) C:\Users\Lindsay\Downloads\decrypt_autolocky.exe
2016-04-20 12:04 - 2016-04-20 12:04 - 00201234 ____C C:\Users\Lindsay\Downloads\py2exe-0.6.9.win32-py2.7.exe
2016-04-20 11:45 - 2016-04-20 11:45 - 00712192 ____C (Cisco Systems Inc.) C:\Users\Lindsay\Downloads\TeslaDecrypter.exe
2016-04-20 11:38 - 2016-04-20 11:38 - 00452424 ____C (Bleeping Computer, LLC) C:\Users\Lindsay\Downloads\ListCWall.exe
2016-04-20 11:38 - 2016-04-20 11:38 - 00001248 ____C C:\Users\Lindsay\Desktop\ListCWall.txt
2016-04-20 11:28 - 2016-04-20 11:28 - 00001682 ____C C:\Users\Lindsay\Desktop\ShadowExplorer.lnk
2016-04-20 11:28 - 2016-04-20 11:28 - 00000000 ___DC C:\Users\Lindsay\AppData\Roaming\www.shadowexplorer.com
2016-04-20 11:28 - 2016-04-20 11:28 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2016-04-20 11:27 - 2016-04-20 11:28 - 00000000 ___DC C:\Program Files\ShadowExplorer
2016-04-20 11:26 - 2016-04-20 11:27 - 00969845 ____C (ShadowExplorer.com ) C:\Users\Lindsay\Downloads\ShadowExplorer-0.9-setup.exe
2016-04-20 09:11 - 2016-04-20 12:15 - 00170200 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-20 09:08 - 2016-04-20 09:08 - 00000899 ____C C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-20 09:08 - 2016-04-20 09:08 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-20 09:08 - 2016-04-20 09:08 - 00000000 ___DC C:\ProgramData\Malwarebytes
2016-04-20 09:08 - 2016-04-20 09:08 - 00000000 ___DC C:\Program Files\Malwarebytes Anti-Malware
2016-04-20 09:08 - 2016-03-10 14:09 - 00053120 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-20 09:08 - 2016-03-10 14:08 - 00126336 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-20 09:08 - 2016-03-10 14:08 - 00024448 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-20 09:05 - 2016-04-20 09:06 - 22851472 ____C (Malwarebytes ) C:\Users\Lindsay\Downloads\mbam-setup-web.NT-2.2.1.1043.exe
2016-04-19 12:41 - 2016-04-20 11:02 - 00008192 ____C C:\Windows\system32\WDPABKP.dat
2016-04-19 12:38 - 2016-04-20 12:24 - 00006736 ____C C:\Windows\system32\PerfStringBackup.TMP
2016-04-19 12:33 - 2016-04-19 16:30 - 00000000 ___DC C:\Users\Lindsay\AppData\Roaming\Online Backup
2016-04-18 21:05 - 2016-04-18 21:05 - 02236106 ____C C:\Users\Lindsay\Documents\Photograph.jpg.crypted
2016-04-18 21:05 - 2016-04-18 21:05 - 01129722 ____C C:\Users\Lindsay\Documents\Photograph (9).jpg.crypted
2016-04-18 21:05 - 2016-04-18 21:05 - 00585673 ____C C:\Users\Lindsay\Documents\scan0002.jpg.crypted
2016-04-18 21:05 - 2016-04-18 21:05 - 00302986 ____C C:\Users\Lindsay\Documents\Photograph (8).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:05 - 01969674 ____C C:\Users\Lindsay\Documents\Photograph (6).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:05 - 00338858 ____C C:\Users\Lindsay\Documents\Photograph (7).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 41731691 ____C C:\Users\Lindsay\Documents\Sandy Turner Submittal package.max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 04855323 ____C C:\Users\Lindsay\Documents\Subcontract Attachments.max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 03430618 ____C C:\Users\Lindsay\Documents\W9-signed.max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 02336827 ____C C:\Users\Lindsay\Documents\Photograph (14).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01987306 ____C C:\Users\Lindsay\Documents\Photograph (12).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01823770 ____C C:\Users\Lindsay\Documents\Photograph (10).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01485930 ____C C:\Users\Lindsay\Documents\Photograph (13).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01235128 ____C C:\Users\Lindsay\Documents\004.JPG.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01176824 ____C C:\Users\Lindsay\Documents\002.JPG.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01154584 ____C C:\Users\Lindsay\Documents\003.JPG.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01148106 ____C C:\Users\Lindsay\Documents\Photograph (4).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01145368 ____C C:\Users\Lindsay\Documents\001.JPG.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00920986 ____C C:\Users\Lindsay\Documents\Photograph (3).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00910073 ____C C:\Users\Lindsay\Documents\W9-signed (2).max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00822922 ____C C:\Users\Lindsay\Documents\Social Security no.max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00818794 ____C C:\Users\Lindsay\Documents\Photograph (2).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00611578 ____C C:\Users\Lindsay\Documents\Subcontract Attachments (2).max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00508074 ____C C:\Users\Lindsay\Documents\Photograph (11).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00202314 ____C C:\Users\Lindsay\Documents\Sarah Sanderson Grace.max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00186024 ____C C:\Users\Lindsay\Documents\SGS.max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00073290 ____C C:\Users\Lindsay\Documents\Photograph (5).jpg.crypted
2016-04-18 21:03 - 2016-04-18 21:04 - 16578155 ____C C:\Users\Lindsay\Documents\NYE printables.max.crypted
2016-04-18 21:03 - 2016-04-18 21:04 - 00585674 ____C C:\Users\Lindsay\Documents\Sandy Turner II.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 18392603 ____C C:\Users\Lindsay\Documents\Hartley Subcontract Phase.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 15420347 ____C C:\Users\Lindsay\Documents\Greenleaf Ph. 2&3 Lath & Plaster Submittal.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 03113339 ____C C:\Users\Lindsay\Documents\Prevailing Wage Handout.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 02514539 ____C C:\Users\Lindsay\Documents\Housing in Ghana.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01682970 ____C C:\Users\Lindsay\Documents\Parent vendor WAIVER OF LIABILITY & HH Agreement-signed.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01500266 ____C C:\Users\Lindsay\Documents\greenleaf CO #8.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01125256 ____C C:\Users\Lindsay\Documents\HH.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01124026 ____C C:\Users\Lindsay\Documents\Hartley East County Hall of Justice 3.27.15 2.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01119978 ____C C:\Users\Lindsay\Documents\NYE printables (3).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01057130 ____C C:\Users\Lindsay\Documents\greenleaf CO #8 (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01050218 ____C C:\Users\Lindsay\Documents\labels-p4-blanks.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00982058 ____C C:\Users\Lindsay\Documents\greenleaf CO #7 (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00980682 ____C C:\Users\Lindsay\Documents\greenleaf CO #6 (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00882954 ____C C:\Users\Lindsay\Documents\greenleaf CO #5.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00880522 ____C C:\Users\Lindsay\Documents\greenleaf CO #6.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00875370 ____C C:\Users\Lindsay\Documents\greenleaf CO #7.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00778026 ____C C:\Users\Lindsay\Documents\Greenleaf CO #9.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00630250 ____C C:\Users\Lindsay\Documents\NYE printables (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00599402 ____C C:\Users\Lindsay\Documents\Greenleaf CO #9 (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00585834 ____C C:\Users\Lindsay\Documents\Greenleaf Ph. 2&3 Lath & Plaster Submittal (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00553305 ____C C:\Users\Lindsay\Documents\LOI (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00450920 ____C C:\Users\Lindsay\Documents\LOI.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00319481 ____C C:\Users\Lindsay\Documents\Lego 4.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00318841 ____C C:\Users\Lindsay\Documents\Lego 3.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00311434 ____C C:\Users\Lindsay\Documents\No-Loss-Letter.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00000134 ____C C:\Users\Lindsay\Documents\K-1.max.crypted
2016-04-18 21:02 - 2016-04-18 21:03 - 01016074 ____C C:\Users\Lindsay\Documents\greenleaf CO #5 (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:03 - 00883978 ____C C:\Users\Lindsay\Documents\greenleaf CO #4.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 10450699 ____C C:\Users\Lindsay\Documents\Employee Master File - Part 2 of 2.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 05268539 ____C C:\Users\Lindsay\Documents\Greenleaf - DPI_COR#014R2 Kel-Prime & Acrylic Finish Upgrade.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 03927691 ____C C:\Users\Lindsay\Documents\doc20151214110729.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 03362619 ____C C:\Users\Lindsay\Documents\Green Leaf Change Orders (1).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 01916026 ____C C:\Users\Lindsay\Documents\greenleaf CO #2 (2) (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 01059434 ____C C:\Users\Lindsay\Documents\Greenleaf CO #3 (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 01053242 ____C C:\Users\Lindsay\Documents\greenleaf CO #3 (2) (2) (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 01024778 ____C C:\Users\Lindsay\Documents\Greenleaf CO #2 (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 01016298 ____C C:\Users\Lindsay\Documents\Green Leaf Change Orders (1) (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00999562 ____C C:\Users\Lindsay\Documents\greenleaf CO #4 (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00975306 ____C C:\Users\Lindsay\Documents\Green Leaf  CO #1 (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00902298 ____C C:\Users\Lindsay\Documents\greenleaf CO #3 (2) (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00891946 ____C C:\Users\Lindsay\Documents\Greenleaf CO #3.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00890314 ____C C:\Users\Lindsay\Documents\Green Leaf  CO #1.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00878634 ____C C:\Users\Lindsay\Documents\Greenleaf CO #2.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00693114 ____C C:\Users\Lindsay\Documents\CleaningChecklistPrintable.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00632138 ____C C:\Users\Lindsay\Documents\Greenleaf CO #10 (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00576586 ____C C:\Users\Lindsay\Documents\Attachments (4).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00545081 ____C C:\Users\Lindsay\Documents\Attachments.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00538122 ____C C:\Users\Lindsay\Documents\6-30-15 Cahill pg 2.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00495434 ____C C:\Users\Lindsay\Documents\5-28-15 Cahill.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00480874 ____C C:\Users\Lindsay\Documents\Greenleaf CO #10.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00424490 ____C C:\Users\Lindsay\Documents\Attachments (5).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00395434 ____C C:\Users\Lindsay\Documents\Attachments (3).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00393898 ____C C:\Users\Lindsay\Documents\Attachments (6).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00391754 ____C C:\Users\Lindsay\Documents\Attachments (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00000216 ____C C:\Users\Lindsay\Documents\GENERAL TERMS AND CONDITIONS - ALL Trees.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00000216 ____C C:\Users\Lindsay\Documents\GENERAL TERMS AND CONDITIONS - ALL Trees (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00000182 ____C C:\Users\Lindsay\Documents\Drywall Bay Area 010115.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00000182 ____C C:\Users\Lindsay\Documents\Drywall Bay Area 010115 (2).max.crypted
2016-04-18 21:01 - 2016-04-18 21:02 - 00855801 ____C C:\Users\Lindsay\Documents\2015 Certs.max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 23345610 ____C C:\Users\Lindsay\Documents\Document (8).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 15444603 ____C C:\Users\Lindsay\Documents\11-20-2014 Employer Enrollment Appilcation.max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 05276682 ____C C:\Users\Lindsay\Documents\Document (4).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 03459657 ____C C:\Users\Lindsay\Documents\#6-#9.max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 02811499 ____C C:\Users\Lindsay\Documents\Document (8) (2).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 01340201 ____C C:\Users\Lindsay\Documents\Document (7).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 01153753 ____C C:\Users\Lindsay\Documents\Document (9).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00921401 ____C C:\Users\Lindsay\Documents\Document (6).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00766426 ____C C:\Users\Lindsay\Documents\101790265-Quatrefoil-Monogram-Papaya-Peach.max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00694857 ____C C:\Users\Lindsay\Documents\Document (5).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00653802 ____C C:\Users\Lindsay\Documents\2015 Certs (2) (3).max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00620810 ____C C:\Users\Lindsay\Documents\2015 Certs (2) (2).max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00612074 ____C C:\Users\Lindsay\Documents\2015 Certs (3).max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00524650 ____C C:\Users\Lindsay\Documents\2015 Certs (4).max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00460552 ____C C:\Users\Lindsay\Documents\1R.max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00460296 ____C C:\Users\Lindsay\Documents\1.max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00383466 ____C C:\Users\Lindsay\Documents\2015 Certs (2).max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00177145 ____C C:\Users\Lindsay\Documents\Document.pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00000248 ____C C:\Users\Lindsay\Documents\2012-07-31 - GENERAL TERMS AND CONDITIONS - ALL Trees (2).max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00000232 ____C C:\Users\Lindsay\Documents\2012-07-31 - GENERAL TERMS AND CONDITIONS - ALL Trees.max.crypted
2016-04-18 21:00 - 2016-04-18 21:01 - 24264474 ____C C:\Users\Lindsay\Documents\Document (14).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:01 - 02027753 ____C C:\Users\Lindsay\Documents\Document (3).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 03442650 ____C C:\Users\Lindsay\Documents\Document (15).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 01503609 ____C C:\Users\Lindsay\Documents\Document (12).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 01491129 ____C C:\Users\Lindsay\Documents\Document (13).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 00564169 ____C C:\Users\Lindsay\Documents\Document (10).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 00531929 ____C C:\Users\Lindsay\Documents\Document (11).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 00095513 ____C C:\Users\Lindsay\Documents\Document (2).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 00053978 ____C C:\Users\Lindsay\Documents\Happy birthday Johnny.doc.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 00024248 ____C C:\Users\Lindsay\Documents\tat.doc.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00418345 ____C C:\Users\Lindsay\Desktop\Warriors.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00285626 ____C C:\Users\Lindsay\Desktop\Warriors 3 x 2.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00196648 ____C C:\Users\Lindsay\Desktop\shaw.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00154490 ____C C:\Users\Lindsay\Desktop\wired_california_drought_guide1-1024x576.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00109514 ____C C:\Users\Lindsay\Desktop\CLAYTON-VALLEY-Little-League.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00084954 ____C C:\Users\Lindsay\Desktop\CLAYTON-VALLEY-Little-League1.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00069497 ____C C:\Users\Lindsay\Desktop\Capture.JPG.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00069018 ____C C:\Users\Lindsay\Desktop\Giants-baseball-for-post.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00062297 ____C C:\Users\Lindsay\Desktop\swim 2015.JPG.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00050666 ____C C:\Users\Lindsay\Desktop\clip-art-spongebob-491292.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00049081 ____C C:\Users\Lindsay\Desktop\Capture2.JPG.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00046841 ____C C:\Users\Lindsay\Desktop\Save-the-Date.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00044602 ____C C:\Users\Lindsay\Desktop\salvador-dali-the-elephants-4360.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00038409 ____C C:\Users\Lindsay\Desktop\procserv (1).jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00035385 ____C C:\Users\Lindsay\Desktop\procserv (2).jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00032777 ____C C:\Users\Lindsay\Desktop\procserv.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00025001 ____C C:\Users\Lindsay\Desktop\Capturek.JPG.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00020266 ____C C:\Users\Lindsay\Desktop\Little League Logo New.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00012872 ____C C:\Users\Lindsay\Desktop\img-thing.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00011288 ____C C:\Users\Lindsay\Desktop\download.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00006568 ____C C:\Users\Lindsay\Desktop\download (1).jpg.crypted
2016-04-18 20:12 - 2016-04-18 20:13 - 00026057 ____C C:\Users\Lindsay\Desktop\Award 4.JPG.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 15333515 ____C C:\Users\Lindsay\Desktop\TimeManagementPrintableKit.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 01399290 ____C C:\Users\Lindsay\Desktop\OrganizingChallengeProjectPrintable.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 01327785 ____C C:\Users\Lindsay\Desktop\EV 2-2-16.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 01298970 ____C C:\Users\Lindsay\Desktop\Scan14-06-13 1405.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 01193882 ____C C:\Users\Lindsay\Desktop\Signed Subcontract with prices 6-22-15.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00616138 ____C C:\Users\Lindsay\Desktop\Etsy_10134009917.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00382698 ____C C:\Users\Lindsay\Desktop\Revised Greenleaf Phase 2 & 3 Plaster Proposal.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00372538 ____C C:\Users\Lindsay\Desktop\Oakland Civic Center.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00303336 ____C C:\Users\Lindsay\Desktop\SSG.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00199706 ____C C:\Users\Lindsay\Desktop\CVLL_Volunteer_Refund_Form_2015.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00197690 ____C C:\Users\Lindsay\Desktop\CVLL_Volunteer_Refund_Form_2015-mcnally.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00185418 ____C C:\Users\Lindsay\Desktop\Drywall_Current_Rates.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00154762 ____C C:\Users\Lindsay\Desktop\McNally-WCSpringClinicRegistrationform2016.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00117961 ____C C:\Users\Lindsay\Desktop\Project1.mpp.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00081690 ____C C:\Users\Lindsay\Desktop\OUSD Whittier Rack 1-28-15.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00076745 ____C C:\Users\Lindsay\Desktop\Plaster Rates.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00070506 ____C C:\Users\Lindsay\Desktop\Little_League_Day___A_s___SF_Giants.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00060250 ____C C:\Users\Lindsay\Desktop\My Subcontractor Agreement.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00053162 ____C C:\Users\Lindsay\Desktop\My Account - Nationwide.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00024714 ____C C:\Users\Lindsay\Desktop\dmv_registration_hold_dispute.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00022121 ____C C:\Users\Lindsay\Desktop\Award 1.JPG.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00021274 ____C C:\Users\Lindsay\Desktop\Grace-CA report.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00021065 ____C C:\Users\Lindsay\Desktop\Award 2.JPG.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00020360 ____C C:\Users\Lindsay\Desktop\Will.pdf
2016-04-18 20:12 - 2016-04-18 20:12 - 00019353 ____C C:\Users\Lindsay\Desktop\Award 3.JPG.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00017993 ____C C:\Users\Lindsay\Desktop\Save the Date.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00016665 ____C C:\Users\Lindsay\Desktop\Time Keeper.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00008073 ____C C:\Users\Lindsay\Desktop\Drywall Bay Area 010115.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:12 - 00181002 ____C C:\Users\Lindsay\Desktop\Carpenters_Current_Rates.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:12 - 00045640 ____C C:\Users\Lindsay\Desktop\Bid.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 30353611 ____C C:\Users\Lindsay\Desktop\Nathaniel Hartley.ZIP.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 03071579 ____C C:\Users\Lindsay\Desktop\Aronuna 7-2-14 (2).pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 01315034 ____C C:\Users\Lindsay\Desktop\5-30-14 sketch.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00338650 ____C C:\Users\Lindsay\Desktop\Aronuna 7-2-14.doc.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00200378 ____C C:\Users\Lindsay\Desktop\2015-2016 Drywall.Lathing Wage Card.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00183130 ____C C:\Users\Lindsay\Desktop\Aronuna 7-2-14.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00089866 ____C C:\Users\Lindsay\Desktop\McNally-WCSpringClinicRegistrationform2016.doc.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00083658 ____C C:\Users\Lindsay\Desktop\5-1-15 receipt.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00031928 ____C C:\Users\Lindsay\Desktop\Bid.doc.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00026330 ____C C:\Users\Lindsay\Desktop\Grace-CA report.doc.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00024265 ____C C:\Users\Lindsay\Desktop\Save the Date.doc.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00021033 ____C C:\Users\Lindsay\Desktop\2015 Rates.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00016585 ____C C:\Users\Lindsay\Desktop\2015 Rates.xls.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00016072 ____C C:\Users\Lindsay\Desktop\Time Keeper.xls.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00012409 ____C C:\Users\Lindsay\Desktop\Giants - FarmB Practice - Revised.xlsx.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00010793 ____C C:\Users\Lindsay\Desktop\Farm_B Giants - parents copy.xlsx.crypted
2016-04-18 12:15 - 2016-04-20 10:57 - 00000000 ___DC C:\Users\Lindsay\AppData\Local\Umdrmedia
2016-03-28 10:36 - 2016-03-28 10:36 - 00000000 ___DC C:\Program Files\Common Files\Java
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-20 13:56 - 2010-03-26 10:17 - 00000886 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-20 13:03 - 2012-04-26 15:55 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-20 13:01 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-20 13:01 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-20 12:24 - 2006-11-02 04:18 - 00000000 ___DC C:\Windows\inf
2016-04-20 11:56 - 2010-03-26 10:17 - 00000882 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-20 11:04 - 2010-11-19 11:41 - 00000437 ____C C:\Windows\system32\Drivers\etc\hosts.ics
2016-04-20 11:01 - 2006-11-02 06:01 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2016-04-20 11:00 - 2011-09-27 17:43 - 00000000 ___DC C:\Program Files\Upromise
2016-04-20 11:00 - 2006-11-02 04:18 - 00000000 ___DC C:\Windows\tapi
2016-04-20 10:59 - 2007-09-07 19:37 - 00000012 _____ C:\Windows\bthservsdp.dat
2016-04-20 10:59 - 2006-11-02 06:01 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-20 10:57 - 2015-02-19 14:03 - 00000000 ___DC C:\Program Files\EliteUnzip
2016-04-20 10:57 - 2012-04-23 10:39 - 00000000 ___DC C:\ProgramData\InstallMate
2016-04-19 12:44 - 2007-09-07 07:56 - 00000000 ___DC C:\Users\Lindsay
2016-04-19 12:38 - 2015-11-18 13:12 - 00000000 ___DC C:\Users\Lindsay\AppData\Local\IIIQ
2016-04-19 12:25 - 2007-10-06 21:52 - 00000000 ___DC C:\Windows\Minidump
2016-04-19 11:32 - 2011-05-18 10:22 - 00000000 ___DC C:\ProgramData\Motive
2016-04-19 11:15 - 2011-05-18 10:21 - 00000000 ___DC C:\Program Files\ATT
2016-04-18 21:27 - 2011-02-15 15:33 - 00000000 ___DC C:\Users\Lindsay\Documents\Rosetta Stone
2016-04-18 21:27 - 2009-02-10 15:24 - 00000000 ___DC C:\Users\Lindsay\Documents\My Scans
2016-04-18 21:06 - 2011-01-31 17:53 - 00000000 ___DC C:\Users\Lindsay\Documents\2011-01-31 Deck's 1st Birthday
2016-04-18 21:00 - 2015-02-27 14:40 - 00000000 ___DC C:\Users\Lindsay\Desktop\WCPS 2015 Auction
2016-04-18 20:59 - 2014-04-22 14:51 - 00000000 ___DC C:\Users\Lindsay\Desktop\To Recycle
2016-04-18 20:56 - 2015-01-25 11:47 - 00000000 ___DC C:\Users\Lindsay\Desktop\Sweet Ellie
2016-04-18 20:15 - 2008-02-25 13:44 - 00000000 ___DC C:\Users\Lindsay\Desktop\Random
2016-04-18 20:14 - 2016-02-08 12:01 - 00000000 ___DC C:\Users\Lindsay\Desktop\Grace
2016-04-18 20:14 - 2014-04-22 14:28 - 00000000 ___DC C:\Users\Lindsay\Desktop\Chore Charts
2016-04-18 20:14 - 2013-12-06 14:32 - 00000000 ___DC C:\Users\Lindsay\Desktop\Budget
2016-04-18 20:14 - 2013-12-06 12:15 - 00000000 ___DC C:\Users\Lindsay\Desktop\Games
2016-04-18 18:43 - 2012-04-30 10:44 - 00000000 ___DC C:\Thirty One
2016-04-18 18:41 - 2008-03-19 12:55 - 00000000 ___DC C:\Stan
2016-04-18 18:40 - 2009-03-05 14:36 - 00000000 ___DC C:\SLEB
2016-04-18 18:39 - 2010-11-15 14:10 - 00000000 ___DC C:\School
2016-04-18 18:38 - 2015-12-17 16:56 - 00000000 ___DC C:\Project Photos
2016-04-18 16:38 - 2008-05-12 12:36 - 00000000 ___DC C:\Photos
2016-04-18 16:32 - 2007-09-12 14:09 - 00000000 ___DC C:\Office Documents
2016-04-18 16:29 - 2009-03-01 11:31 - 00000000 ___DC C:\Mom
2016-04-18 16:27 - 2007-10-05 10:50 - 00000000 ___DC C:\Mark
2016-04-18 16:15 - 2007-11-16 13:57 - 00000000 ___DC C:\Marie
2016-04-18 16:11 - 2010-04-08 13:22 - 00000000 ___DC C:\Hartley Construction Inc
2016-04-18 16:09 - 2009-07-01 14:00 - 00000000 ___DC C:\MA Lindquist
2016-04-18 15:51 - 2013-04-10 11:44 - 00000000 ___DC C:\Desert Olive Nursery
2016-04-18 15:47 - 2007-10-04 11:53 - 00000000 ___DC C:\Lindsay
2016-04-18 15:40 - 2012-02-14 23:10 - 00000000 ___DC C:\John
2016-04-18 15:39 - 2010-11-04 10:03 - 00000000 ___DC C:\IRS
2016-04-18 15:37 - 2011-05-31 15:22 - 00000000 ___DC C:\Insurance
2016-04-18 15:16 - 2013-10-24 12:26 - 02221411 ___HC C:\Users\Lindsay\Documents\PP11Thumbs.ptn
2016-04-18 15:10 - 2013-10-24 12:29 - 00002236 ___HC C:\Users\Lindsay\Documents\PP11Thumbs.ptn2
2016-04-18 13:59 - 2013-09-16 13:58 - 00000000 ___DC C:\California Flight Academy
2016-04-18 13:59 - 2012-10-16 14:11 - 00000000 ___DC C:\Blog
2016-04-18 13:59 - 2008-11-04 16:25 - 00000000 ___DC C:\CSLB
2016-04-18 13:59 - 2008-08-08 11:16 - 00000000 ___DC C:\Corporate
2016-04-18 13:57 - 2008-05-07 12:19 - 00000000 ___DC C:\Bank
2016-04-18 13:53 - 2008-08-08 10:50 - 00000000 ___DC C:\Accounting
2016-04-18 13:49 - 2015-01-12 12:51 - 00000000 ___DC C:\2015 Projects
2016-04-18 13:46 - 2013-03-20 15:18 - 00000000 ___DC C:\2013
2016-04-18 13:39 - 2012-07-03 18:10 - 00000000 ___DC C:\2012 Projects
2016-04-18 13:37 - 2013-12-06 11:47 - 00000000 ___DC C:\2011 Projects
2016-04-18 13:34 - 2010-05-21 16:47 - 00000000 ___DC C:\2010 Projects
2016-04-18 13:18 - 2008-05-06 10:53 - 00000000 ___DC C:\1701 energy
2016-04-08 15:13 - 2012-11-12 11:45 - 00001983 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-07 14:04 - 2012-04-26 15:55 - 00797376 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-07 14:04 - 2011-05-31 10:15 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-04-06 17:15 - 2007-09-08 03:49 - 00000000 ___DC C:\Users\Lindsay\AppData\Local\ApplicationHistory
2016-03-28 10:40 - 2013-11-08 16:48 - 00000000 ___DC C:\ProgramData\Oracle
2016-03-28 10:37 - 2014-11-06 16:59 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-28 10:37 - 2007-04-19 12:43 - 00000000 ___DC C:\Program Files\Java
2016-03-28 10:35 - 2015-10-06 11:25 - 00000000 ___DC C:\Users\Lindsay\.oracle_jre_usage
2016-03-28 10:34 - 2014-11-06 16:59 - 00095808 ____C (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
 
==================== Files in the root of some directories =======
 
2007-11-30 12:26 - 2011-07-25 12:04 - 0025493 ____C () C:\Users\Lindsay\AppData\Roaming\Comma Separated Values (Windows).ADR
2010-02-16 23:39 - 2010-12-13 14:45 - 0012951 ____C () C:\Users\Lindsay\AppData\Roaming\Comma Separated Values (Windows).CAL
2008-12-30 18:15 - 2008-12-30 18:33 - 0002528 ____C () C:\Users\Lindsay\AppData\Roaming\mindhabits.dat
2009-05-13 09:29 - 2011-03-31 08:58 - 0000066 ____C () C:\Users\Lindsay\AppData\Roaming\wklnhst.dat
2007-09-07 08:14 - 2007-09-07 08:14 - 0000000 ____C () C:\Users\Lindsay\AppData\Local\AtStart.txt
2016-03-15 10:22 - 2016-03-15 10:22 - 0000000 ___HC () C:\Users\Lindsay\AppData\Local\BIT59AC.tmp
2007-09-07 08:38 - 2015-03-06 14:53 - 0053760 ____C () C:\Users\Lindsay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-09-07 08:14 - 2007-09-07 08:14 - 0000000 ____C () C:\Users\Lindsay\AppData\Local\DSwitch.txt
2007-09-11 00:19 - 2007-09-11 00:19 - 0000095 ____C () C:\Users\Lindsay\AppData\Local\fusioncache.dat
2007-09-07 08:14 - 2007-09-07 08:14 - 0000000 ____C () C:\Users\Lindsay\AppData\Local\QSwitch.txt
2009-02-14 17:28 - 2009-02-16 22:07 - 0029290 ____C () C:\Users\Lindsay\AppData\Local\slot1.mm1
2009-10-19 12:00 - 2009-10-19 12:00 - 0000059 ____C () C:\Users\Lindsay\AppData\Local\Tempdir
2015-03-20 14:58 - 2015-03-20 14:58 - 0000057 ____C () C:\ProgramData\Ament.ini
2008-09-07 09:48 - 2008-09-07 09:48 - 0000056 ___HC () C:\ProgramData\ezsidmv.dat
2007-04-19 12:04 - 2012-11-03 09:40 - 0015051 ____C () C:\ProgramData\hpzinstall.log
2016-03-01 13:34 - 2016-03-01 14:17 - 0000301 ____C () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-11-07 20:33 - 2012-11-07 20:33 - 0007265 ____C () C:\ProgramData\N360BUOptions.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-20 11:10
 
==================== End of FRST.txt ============================

Edited by Oh My!, 20 April 2016 - 10:19 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,720 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:36 PM

Posted 20 April 2016 - 10:19 PM

Greetings Lindsay and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Unfortunately we will not be able to decrypt your files. Your computer is still infected so we will address that.

When you ran a FRST scan an Addition.txt document should have been placed on your desktop. Please copy and paste the contents of that report in your reply. In addition, please complete the following.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [Crypted] => C:\Users\Lindsay\AppData\Local\Temp\a.txt
C:\Users\Lindsay\AppData\Local\Temp\a.txt
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [**5b7f285d<*>] => C:\Users\Lindsay\AppData\Local\ywuv\G2uUB.GjHytT
C:\Users\Lindsay\AppData\Local\ywuv
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [Umdrmedia] => C:\Users\Lindsay\AppData\Local\Umdrmedia\a2.exe
C:\Users\Lindsay\AppData\Local\Umdrmedia
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [ARCworks] => C:\Windows\System32\regsvr32.exe C:\Users\Lindsay\AppData\Local\Umdrmedia\gkjnyqjd.dll
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [Udqmedia] => regsvr32.exe C:\Users\Lindsay\AppData\Local\Udqmedia\rjkvynws.dll 
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...0c966feabec1\InprocServer32: [Default-shell32]
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Lindsay\AppData\Local\Umdrmedia\rnlcugwd.dll
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\InprocServer32: [Default-pngfilt] 
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...A8F59079A8D5}\localserver32:
HKU\S-1-5-18\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Yahoo!\Search Protection
CHR HKLM\SOFTWARE\Policies\Google: Restriction
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKLM -> {B03AA86A-D1DF-4705-89C1-8BF7BD02F118} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {19F2B849-4ADE-4d4b-85F9-C31C643DBDE9} URL = hxxp://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=4&tid={5348328E-801C-4593-B46A-D695BC064081}
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {B03AA86A-D1DF-4705-89C1-8BF7BD02F118} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
FF Plugin HKU\S-1-5-21-1078577255-633202429-3496206462-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Lindsay\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
FF Extension: Yahoo! Toolbar - C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\f065acs5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2007-11-25] [not signed]
CHR HKU\S-1-5-21-1078577255-633202429-3496206462-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ddpocmpoechljihmgemoaahhmadaenbc] - <no Path\update_url>
S2 AT&T Troubleshoot & Resolve; "C:\Program Files\ATT\8.4.1.11\ma\bin\MAHostService.exe" [X]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 BLKWGU(Belkin); system32\DRIVERS\BLKWGU.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U2 WZCSVC; no ImagePath
Folder: C:\Users\Lindsay\AppData\Local\IIIQ
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Running Combofix in Vista/7

--------------------
  • Please download ComboFix and save it to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If, after disabling, Combofix warns you an Antivirus program is still running, ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouse click while the program is running or it may stall.
  • Patiently allow the program to run. At times it may appear nothing is happening
  • Copy and paste the report in your reply
  • If Combofix fails to run completely stop and let me know
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Addition.txt
  • Combofix log
  • AdwCleaner log
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 lel1120

lel1120
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:36 PM

Posted 21 April 2016 - 02:10 PM

I am trying to post the Addition.txt file and it keeps telling me it's too long :/

 

I'll attach it...


please see attached file




#4 lel1120

lel1120
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:36 PM

Posted 21 April 2016 - 02:33 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:18-04-2016
Ran by Lindsay (2016-04-21 12:13:49) Run:1
Running from C:\Users\Lindsay\Desktop
Loaded Profiles: Lindsay (Available Profiles: Lindsay)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [Crypted] => C:\Users\Lindsay\AppData\Local\Temp\a.txt
C:\Users\Lindsay\AppData\Local\Temp\a.txt
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [**5b7f285d<*>] => C:\Users\Lindsay\AppData\Local\ywuv\G2uUB.GjHytT
C:\Users\Lindsay\AppData\Local\ywuv
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [Umdrmedia] => C:\Users\Lindsay\AppData\Local\Umdrmedia\a2.exe
C:\Users\Lindsay\AppData\Local\Umdrmedia
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [ARCworks] => C:\Windows\System32\regsvr32.exe C:\Users\Lindsay\AppData\Local\Umdrmedia\gkjnyqjd.dll
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [Udqmedia] => regsvr32.exe C:\Users\Lindsay\AppData\Local\Udqmedia\rjkvynws.dll
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...0c966feabec1\InprocServer32: [Default-shell32]
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Lindsay\AppData\Local\Umdrmedia\rnlcugwd.dll
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\InprocServer32: [Default-pngfilt]
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...A8F59079A8D5}\localserver32:
HKU\S-1-5-18\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Yahoo!\Search Protection
CHR HKLM\SOFTWARE\Policies\Google: Restriction
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM -> {B03AA86A-D1DF-4705-89C1-8BF7BD02F118} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {19F2B849-4ADE-4d4b-85F9-C31C643DBDE9} URL = hxxp://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=4&tid={5348328E-801C-4593-B46A-D695BC064081}
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {B03AA86A-D1DF-4705-89C1-8BF7BD02F118} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
FF Plugin HKU\S-1-5-21-1078577255-633202429-3496206462-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Lindsay\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
FF Extension: Yahoo! Toolbar - C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\f065acs5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2007-11-25] [not signed]
CHR HKU\S-1-5-21-1078577255-633202429-3496206462-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ddpocmpoechljihmgemoaahhmadaenbc] - <no Path\update_url>
S2 AT&T Troubleshoot & Resolve; "C:\Program Files\ATT\8.4.1.11\ma\bin\MAHostService.exe" [X]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 BLKWGU(Belkin); system32\DRIVERS\BLKWGU.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U2 WZCSVC; no ImagePath
Folder: C:\Users\Lindsay\AppData\Local\IIIQ
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Crypted => value removed successfully.
"C:\Users\Lindsay\AppData\Local\Temp\a.txt" => not found.
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**5b7f285d<*> => value removed successfully.
"C:\Users\Lindsay\AppData\Local\ywuv" => not found.
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Umdrmedia => value removed successfully.
C:\Users\Lindsay\AppData\Local\Umdrmedia => moved successfully
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ARCworks => value removed successfully.
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Udqmedia => value removed successfully.
"HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => key removed successfully.
"HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => key removed successfully.
"HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}" => key removed successfully.
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => key not found.
"HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => key removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\YSearchProtection => value removed successfully.
"C:\Program Files\Yahoo!\Search Protection" => not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B03AA86A-D1DF-4705-89C1-8BF7BD02F118}" => key removed successfully.
HKCR\CLSID\{B03AA86A-D1DF-4705-89C1-8BF7BD02F118} => key not found.
"HKU\S-1-5-21-1078577255-633202429-3496206462-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}" => key removed successfully.
HKCR\CLSID\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9} => key not found.
"HKU\S-1-5-21-1078577255-633202429-3496206462-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B03AA86A-D1DF-4705-89C1-8BF7BD02F118}" => key removed successfully.
HKCR\CLSID\{B03AA86A-D1DF-4705-89C1-8BF7BD02F118} => key not found.
"HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin" => key removed successfully.
C:\Users\Lindsay\AppData\Local\Citrix\Plugins\104\npappdetector.dll => not found.
C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\f065acs5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => moved successfully
C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\f065acs5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => path removed successfully.
FF Extension: Yahoo! Toolbar - C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\f065acs5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2007-11-25] [not signed] => not found
"HKU\S-1-5-21-1078577255-633202429-3496206462-1000\SOFTWARE\Google\Chrome\Extensions\ddpocmpoechljihmgemoaahhmadaenbc" => key removed successfully.
AT&T Troubleshoot & Resolve => service removed successfully.
stllssvr => service removed successfully.
blbdrive => service removed successfully.
BLKWGU(Belkin) => service removed successfully.
HTCAND32 => service removed successfully.
IpInIp => service removed successfully.
MREMPR5 => service removed successfully.
MRENDIS5 => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
RimUsb => service removed successfully.
UIUSys => service removed successfully.
WZCSVC => service removed successfully.

========================= Folder: C:\Users\Lindsay\AppData\Local\IIIQ ========================

2015-11-18 13:12 - 2016-04-19 12:38 - 0174080 ____C (Igor Pavlov) C:\Users\Lindsay\AppData\Local\IIIQ\7z.dll

====== End of Folder: ======

 

The system needed a reboot.

==== End of Fixlog 12:17:04 ====



#5 lel1120

lel1120
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:36 PM

Posted 21 April 2016 - 03:58 PM

ComboFix 16-04-13.01 - Lindsay 04/21/2016  12:45:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.450 [GMT -7:00]
Running from: c:\users\Lindsay\AppData\Local\Temp\Temporary Internet Files\Content.IE5\0VAFNOB7\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\win
c:\programdata\win\Amazing Adventures\highscore.mse
c:\programdata\win\Amazing Adventures\Lins.mse
c:\programdata\win\Amazing Adventures\options.mso
c:\programdata\win\Amazing Adventures\players.mse
c:\users\Lindsay\AppData\Local\.#
c:\users\Lindsay\AppData\Local\Adobe\AdbeRdr1014_en_US.exe
c:\users\Lindsay\AppData\Local\Adobe\gccheck.exe
c:\users\Lindsay\AppData\Local\Adobe\gtbcheck.exe
c:\users\Lindsay\AppData\Local\Adobe\SecurityScan_Release.exe
c:\users\Lindsay\AppData\Local\assembly\tmp
c:\users\Lindsay\AppData\Roaming\windows
c:\users\Lindsay\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2016-03-21 to 2016-04-21  )))))))))))))))))))))))))))))))
.
.
2016-04-20 23:34 . 2016-04-21 17:47 -------- dc----w- c:\users\Lindsay\AppData\Roaming\PrimoPDF
2016-04-20 19:13 . 2016-04-21 19:17 -------- dc----w- C:\FRST
2016-04-20 18:28 . 2016-04-20 18:28 -------- dc----w- c:\users\Lindsay\AppData\Roaming\www.shadowexplorer.com
2016-04-20 18:27 . 2016-04-20 18:28 -------- dc----w- c:\program files\ShadowExplorer
2016-04-20 16:11 . 2016-04-21 20:41 170200 -c--a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-20 16:08 . 2016-03-10 21:09 53120 -c--a-w- c:\windows\system32\drivers\mwac.sys
2016-04-20 16:08 . 2016-03-10 21:08 126336 -c--a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-20 16:08 . 2016-03-10 21:08 24448 -c--a-w- c:\windows\system32\drivers\mbam.sys
2016-04-20 16:08 . 2016-04-20 16:08 -------- dc----w- c:\program files\Malwarebytes Anti-Malware
2016-04-20 16:08 . 2016-04-20 16:08 -------- dc----w- c:\programdata\Malwarebytes
2016-04-19 19:38 . 2016-04-21 19:30 6736 -c--a-w- c:\windows\system32\PerfStringBackup.TMP
2016-04-19 19:33 . 2016-04-20 23:31 -------- dc----w- c:\users\Lindsay\AppData\Roaming\Online Backup
2016-03-28 17:36 . 2016-03-28 17:36 -------- dc----w- c:\program files\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-07 21:04 . 2012-04-26 22:55 797376 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2016-04-07 21:04 . 2011-05-31 17:15 142528 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-03-28 17:34 . 2014-11-06 23:59 95808 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-03-15 17:22 . 2016-03-15 17:22 0 -c-ha-w- c:\users\Lindsay\AppData\Local\BIT59AC.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"@BackupScheduler"="c:\program files\Online Backup\OnlineBackup.exe" [2007-09-20 611768]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]
"HP Officejet 4630 series (NET)"="c:\program files\Hp\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" [2014-07-21 2427400]
"GoogleChromeAutoLaunch_992BA959EE9962246D5D731966759E72"="c:\program files\Google\Chrome\Application\chrome.exe" [2016-04-06 874648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-12-18 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-11 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2006-11-16 35368]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2013-11-02 5537136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-05-16 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-03-21 595480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-12 113664]
F1U201.401.lnk - c:\program files\Belkin\F1U201.401\usbshare.exe [2008-6-13 135168]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Lindsay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
backup=c:\windows\pss\iWin Desktop Alerts.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-02-26 16:52 154392 -c--a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP AutoIndexer]
2001-03-01 13:53 77824 -c----w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 16:03 75008 -c--a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP SchedIndexer]
2001-03-01 13:53 86016 -c----w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 04:17 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-03-20 22:23 1773568 -c--a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPLJ Config]
2002-04-10 21:13 499712 -c----w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppcfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPRestartApp]
2000-09-27 17:05 114688 -c--a-w- c:\program files\Hewlett-Packard\LaserJet All-in-one\applch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-02-26 16:52 138008 -c--a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-05-16 00:39 152392 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-11 21:01 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-02-26 16:52 133912 -c--a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 18:38 159744 -c--a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-03-29 00:45 176128 -c--a-w- c:\program files\Hp\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2003-12-13 00:50 33792 -c--a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ    wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ    WcesComm RapiMgr
bthsvcs REG_MULTI_SZ    BthServ
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
HPService REG_MULTI_SZ    HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-08 21:56 1106072 -c--a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2012-02-18 18:29 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 21:04]
.
2016-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 19:06]
.
2016-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 19:06]
.
2011-09-25 c:\windows\Tasks\User_Feed_Synchronization-{EEE31C42-BE54-45EB-8BC9-E94F16579819}.job
- c:\windows\system32\msfeedssync.exe [2012-02-18 18:29]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: $talisma_url$
Trusted Zone: elationsys.com\www
Trusted Zone: intuit.com\accounts
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-BrowserAppCoreService - c:\users\Lindsay\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe
HKLM-Run-ATT_McciTrayApp - c:\program files\ATT\8.4.1.11\ma\bin\pcTrayApp.exe
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe
AddRemove-ST5UNST #1 - c:\windows\ST5UNST.EXE
.
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\windows\system32\dlcjcoms.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\ShadowExplorer\sesvc.exe
c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Apple\Internet Services\APSDaemon.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\sdclt.exe
c:\windows\system32\MsiExec.exe
c:\windows\system32\MsiExec.exe
c:\program files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
.
**************************************************************************
.
Completion time: 2016-04-21  13:55:24 - machine was rebooted
ComboFix-quarantined-files.txt  2016-04-21 20:55
.
Pre-Run: 20,840,067,072 bytes free
Post-Run: 20,585,185,280 bytes free
.
- - End Of File - - 6E6467ADA7BFA4E0BF01E290E0922788
1A1A06F62E891045814007163C1C76C3
 



#6 lel1120


Posted 21 April 2016 - 05:11 PM

# AdwCleaner v5.112 - Logfile created 21/04/2016 at 14:31:55
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (X86)
# Username : Lindsay - LINDSAY-PC
# Running from : C:\Users\Lindsay\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Upromise
[-] Folder Deleted : C:\Program Files\EliteUnzip
[-] Folder Deleted : C:\ProgramData\iWin
[-] Folder Deleted : C:\ProgramData\iwin games
[-] Folder Deleted : C:\ProgramData\Premium
[-] Folder Deleted : C:\ProgramData\Trymedia
[#] Folder Deleted : C:\ProgramData\Application Data\iWin
[#] Folder Deleted : C:\ProgramData\Application Data\iwin games
[#] Folder Deleted : C:\ProgramData\Application Data\Premium
[#] Folder Deleted : C:\ProgramData\Application Data\Trymedia
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games
[-] Folder Deleted : C:\Users\Lindsay\AppData\Local\Mindspark_Interactive_Net
[-] Folder Deleted : C:\Users\Lindsay\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\Lindsay\AppData\LocalLow\HPAppData
[-] Folder Deleted : C:\Users\Lindsay\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\Lindsay\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Lindsay\AppData\Roaming\download Manager
[-] Folder Deleted : C:\Users\Lindsay\AppData\Roaming\iWin
[-] Folder Deleted : C:\Users\Lindsay\AppData\Roaming\Upromise
[-] Folder Deleted : C:\Users\Lindsay\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Lindsay\AppData\Roaming\Pogo Games
[-] Folder Deleted : C:\Users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elite Unzip
[-] Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ddpocmpoechljihmgemoaahhmadaenbc_0.localstorage
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ddpocmpoechljihmgemoaahhmadaenbc_0.localstorage-journal
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d1af033869koo7.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d1af033869koo7.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d23716qn9q7omq.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d23716qn9q7omq.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d3l3lkinz3f56t.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d3l3lkinz3f56t.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_dsms0mj1bbhn4.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_d3l3lkinz3f56t.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_d3l3lkinz3f56t.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_rsearch.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_rsearch.shopathome.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
[-] File Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : IHUninstallTrackingTASK
[-] Task Deleted : LaunchApp
[-] Task Deleted : RunAsStdUser Task

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.mindspark.eliteunzip_aa
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetup (1).exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{38552F25-8DED-4206-BB21-041EF53328F9}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : HKCU\Software\BI
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Trymedia Systems
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{220FB035-4744-483A-9A0B-41DF77061583}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{220FB035-4744-483A-9A0B-41DF77061583}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\JustCloud
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Compete
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1078577255-633202429-3496206462-1000\Software\CompeteInc
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [11481 bytes] - [21/04/2016 14:31:55]
C:\AdwCleaner\AdwCleaner[S1].txt - [12162 bytes] - [21/04/2016 14:00:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11629 bytes] ##########



#7 lel1120


Posted 21 April 2016 - 05:41 PM

Please see attached system summary information.

Attached File: System Info.ZIP (125.53KB)



#8 Oh My!

  • Malware Response Instructor

Posted 21 April 2016 - 07:13 PM

Greetings and sorry for the delay.

Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

RegHunter
SpyHunter

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Task: {23C90957-89D7-4DAB-B940-41DC74AD9A5E} - System32\Tasks\{72357627-5703-462F-A86A-745A867B9310} => pcalua.exe -a "C:\Users\Lindsay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZB28C8B8\yahoo_lemonysnicket_tm5-3[2].exe" -d C:\Users\Lindsay
Task: {4FC049D3-57A2-4A95-A608-0DA2C8B1F157} - System32\Tasks\{38D0B71A-F277-4887-AEEF-CA4D4A484116} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {5ACD82DB-0160-4B18-BE8C-F701E1E0DD86} - System32\Tasks\{7F09698E-5EFD-4384-A0CA-DBEE404F2871} => pcalua.exe -a C:\Users\Lindsay\Desktop\Install.exe -d C:\Users\Lindsay\Desktop
Task: {7B192DBE-5AAB-4624-B846-61EB8FA2D5EA} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe
C:\Program Files\iWin Games
Task: {9CB270B7-F452-4FD7-B5D7-73AA4FA25B6F} - System32\Tasks\{D80433F6-89F9-465C-999D-357940F43B42} => pcalua.exe -a "C:\Users\Lindsay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0KEF2QX\sp37021[1].exe" -d C:\Users\Lindsay\Desktop
Task: {A6CDFCE2-9D25-4C3B-9907-2DE04129D8C3} - System32\Tasks\{93B0E6E9-8C1F-4672-8E80-6628E78ED040} => pcalua.exe -a E:\setup32\autorun\autorun.exe -d E:\
Task: {B6166E49-EF5C-4580-95F2-E5F88F4144E8} - System32\Tasks\{D7D3161C-DE40-4980-A2F1-7FDE2BFE6C51} => pcalua.exe -a E:\setup.exe -d E:\
Task: {BDCCA621-89C2-41FA-8636-433CF9A04DDC} - System32\Tasks\{AD842762-EF80-4705-AF22-39DA8F804463} => pcalua.exe -a "C:\Users\Lindsay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0K40Q3J2\laserjet3200[1].exe" -d C:\Users\Lindsay
Task: {C911BE6B-FE5B-4E2E-9F01-D6E4347FAAAB} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\Lindsay\AppData\Local\Temp\IHU5503.tmp.exe
Task: {F6782275-47C4-4FD6-88CC-4E3EC6AF0068} - System32\Tasks\{CA15C59F-944D-4718-8C62-70C3C1B4383D} => pcalua.exe -a "C:\Users\Lindsay\Desktop\laserjet 3200\setup\Setup.exe" -d "C:\Users\Lindsay\Desktop\laserjet 3200\setup"
Task: {F9711C13-FF5D-48B9-8491-88A32F56414F} - System32\Tasks\{1C936A7D-A600-45D0-B831-2C67F2ACE8FA} => pcalua.exe -a C:\Windows\ST5UNST.EXE -c -n "C:\FootBall Grid\ST5UNST.LOG"
AlternateDataStreams: C:\ProgramData\TEMP:017C5853 [206]
AlternateDataStreams: C:\ProgramData\TEMP:064877B6 [434]
AlternateDataStreams: C:\ProgramData\TEMP:0CA8F181 [127]
AlternateDataStreams: C:\ProgramData\TEMP:0D82FC9D [100]
AlternateDataStreams: C:\ProgramData\TEMP:0EC7A545 [145]
AlternateDataStreams: C:\ProgramData\TEMP:122B409D [131]
AlternateDataStreams: C:\ProgramData\TEMP:14224589 [242]
AlternateDataStreams: C:\ProgramData\TEMP:16E7793D [102]
AlternateDataStreams: C:\ProgramData\TEMP:18173A8E [145]
AlternateDataStreams: C:\ProgramData\TEMP:18DEBC51 [135]
AlternateDataStreams: C:\ProgramData\TEMP:1C88C8E5 [202]
AlternateDataStreams: C:\ProgramData\TEMP:1CF2F47C [116]
AlternateDataStreams: C:\ProgramData\TEMP:1E3E41D3 [155]
AlternateDataStreams: C:\ProgramData\TEMP:1FA003F9 [98]
AlternateDataStreams: C:\ProgramData\TEMP:237E4B91 [114]
AlternateDataStreams: C:\ProgramData\TEMP:262338FE [260]
AlternateDataStreams: C:\ProgramData\TEMP:2836460B [105]
AlternateDataStreams: C:\ProgramData\TEMP:293697E7 [118]
AlternateDataStreams: C:\ProgramData\TEMP:294A5F28 [258]
AlternateDataStreams: C:\ProgramData\TEMP:2B454E16 [123]
AlternateDataStreams: C:\ProgramData\TEMP:2B9555D8 [448]
AlternateDataStreams: C:\ProgramData\TEMP:2BE0D46D [232]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [67]
AlternateDataStreams: C:\ProgramData\TEMP:2F141B68 [114]
AlternateDataStreams: C:\ProgramData\TEMP:31614B4F [109]
AlternateDataStreams: C:\ProgramData\TEMP:33AFD01D [113]
AlternateDataStreams: C:\ProgramData\TEMP:349CACE5 [141]
AlternateDataStreams: C:\ProgramData\TEMP:3678540D [120]
AlternateDataStreams: C:\ProgramData\TEMP:395C0D36 [127]
AlternateDataStreams: C:\ProgramData\TEMP:39D0446E [139]
AlternateDataStreams: C:\ProgramData\TEMP:3C4C57F9 [220]
AlternateDataStreams: C:\ProgramData\TEMP:3EC5BC08 [237]
AlternateDataStreams: C:\ProgramData\TEMP:3EE26F5F [114]
AlternateDataStreams: C:\ProgramData\TEMP:4072646B [107]
AlternateDataStreams: C:\ProgramData\TEMP:447AD91E [117]
AlternateDataStreams: C:\ProgramData\TEMP:471AD3D0 [262]
AlternateDataStreams: C:\ProgramData\TEMP:48429D0E [158]
AlternateDataStreams: C:\ProgramData\TEMP:4E645C1D [125]
AlternateDataStreams: C:\ProgramData\TEMP:4EC7F009 [225]
AlternateDataStreams: C:\ProgramData\TEMP:4FA837B4 [123]
AlternateDataStreams: C:\ProgramData\TEMP:5080697C [252]
AlternateDataStreams: C:\ProgramData\TEMP:52A22573 [117]
AlternateDataStreams: C:\ProgramData\TEMP:5433DBEF [58]
AlternateDataStreams: C:\ProgramData\TEMP:556B8A38 [115]
AlternateDataStreams: C:\ProgramData\TEMP:55818279 [100]
AlternateDataStreams: C:\ProgramData\TEMP:569CEE83 [129]
AlternateDataStreams: C:\ProgramData\TEMP:573A3907 [160]
AlternateDataStreams: C:\ProgramData\TEMP:5A991E48 [178]
AlternateDataStreams: C:\ProgramData\TEMP:5ACE199E [254]
AlternateDataStreams: C:\ProgramData\TEMP:5AE33054 [126]
AlternateDataStreams: C:\ProgramData\TEMP:5D2A2F0A [98]
AlternateDataStreams: C:\ProgramData\TEMP:5E73E1C2 [502]
AlternateDataStreams: C:\ProgramData\TEMP:5EE41602 [254]
AlternateDataStreams: C:\ProgramData\TEMP:5F280981 [256]
AlternateDataStreams: C:\ProgramData\TEMP:6017A808 [134]
AlternateDataStreams: C:\ProgramData\TEMP:623EC635 [113]
AlternateDataStreams: C:\ProgramData\TEMP:65521523 [174]
AlternateDataStreams: C:\ProgramData\TEMP:65C55727 [122]
AlternateDataStreams: C:\ProgramData\TEMP:6638AEDF [162]
AlternateDataStreams: C:\ProgramData\TEMP:6666A16B [162]
AlternateDataStreams: C:\ProgramData\TEMP:6A0A47E7 [254]
AlternateDataStreams: C:\ProgramData\TEMP:6D549BCC [109]
AlternateDataStreams: C:\ProgramData\TEMP:6FBD5837 [128]
AlternateDataStreams: C:\ProgramData\TEMP:6FC375B1 [119]
AlternateDataStreams: C:\ProgramData\TEMP:700B9342 [125]
AlternateDataStreams: C:\ProgramData\TEMP:708BB0FA [115]
AlternateDataStreams: C:\ProgramData\TEMP:70E897B5 [103]
AlternateDataStreams: C:\ProgramData\TEMP:725A4A66 [127]
AlternateDataStreams: C:\ProgramData\TEMP:7307D080 [118]
AlternateDataStreams: C:\ProgramData\TEMP:737160C1 [0]
AlternateDataStreams: C:\ProgramData\TEMP:75A89023 [124]
AlternateDataStreams: C:\ProgramData\TEMP:75DEB833 [120]
AlternateDataStreams: C:\ProgramData\TEMP:76DB9169 [123]
AlternateDataStreams: C:\ProgramData\TEMP:78DEA3A4 [95]
AlternateDataStreams: C:\ProgramData\TEMP:799F5445 [128]
AlternateDataStreams: C:\ProgramData\TEMP:7D50F3CE [126]
AlternateDataStreams: C:\ProgramData\TEMP:7EA8DDF7 [254]
AlternateDataStreams: C:\ProgramData\TEMP:8061242F [144]
AlternateDataStreams: C:\ProgramData\TEMP:8247A199 [106]
AlternateDataStreams: C:\ProgramData\TEMP:8401B6D5 [432]
AlternateDataStreams: C:\ProgramData\TEMP:8543BABC [248]
AlternateDataStreams: C:\ProgramData\TEMP:85F55C68 [105]
AlternateDataStreams: C:\ProgramData\TEMP:87B05421 [120]
AlternateDataStreams: C:\ProgramData\TEMP:895CFFA7 [236]
AlternateDataStreams: C:\ProgramData\TEMP:89C6F032 [127]
AlternateDataStreams: C:\ProgramData\TEMP:8DF68137 [110]
AlternateDataStreams: C:\ProgramData\TEMP:8E12100F [128]
AlternateDataStreams: C:\ProgramData\TEMP:8EC55520 [156]
AlternateDataStreams: C:\ProgramData\TEMP:8F4B5B2D [125]
AlternateDataStreams: C:\ProgramData\TEMP:91191703 [240]
AlternateDataStreams: C:\ProgramData\TEMP:920E58B7 [98]
AlternateDataStreams: C:\ProgramData\TEMP:930F088E [162]
AlternateDataStreams: C:\ProgramData\TEMP:940EEA60 [103]
AlternateDataStreams: C:\ProgramData\TEMP:94A4DF77 [125]
AlternateDataStreams: C:\ProgramData\TEMP:953CB9E9 [145]
AlternateDataStreams: C:\ProgramData\TEMP:95EBD4E0 [139]
AlternateDataStreams: C:\ProgramData\TEMP:9700C55E [141]
AlternateDataStreams: C:\ProgramData\TEMP:996104FC [113]
AlternateDataStreams: C:\ProgramData\TEMP:99963C1E [244]
AlternateDataStreams: C:\ProgramData\TEMP:9B58A61A [110]
AlternateDataStreams: C:\ProgramData\TEMP:9D0CEAB7 [157]
AlternateDataStreams: C:\ProgramData\TEMP:9D6EAEC3 [237]
AlternateDataStreams: C:\ProgramData\TEMP:9E3370A3 [124]
AlternateDataStreams: C:\ProgramData\TEMP:A00E67E1 [105]
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE [242]
AlternateDataStreams: C:\ProgramData\TEMP:A1693604 [258]
AlternateDataStreams: C:\ProgramData\TEMP:A26AFC00 [245]
AlternateDataStreams: C:\ProgramData\TEMP:A3B8F70C [205]
AlternateDataStreams: C:\ProgramData\TEMP:A57D4D0A [118]
AlternateDataStreams: C:\ProgramData\TEMP:A5FC8FA1 [123]
AlternateDataStreams: C:\ProgramData\TEMP:A653FB07 [126]
AlternateDataStreams: C:\ProgramData\TEMP:A6CD15C3 [300]
AlternateDataStreams: C:\ProgramData\TEMP:A7DA2BCD [202]
AlternateDataStreams: C:\ProgramData\TEMP:AA3339BE [98]
AlternateDataStreams: C:\ProgramData\TEMP:AA37E770 [108]
AlternateDataStreams: C:\ProgramData\TEMP:ABADFC83 [129]
AlternateDataStreams: C:\ProgramData\TEMP:ACC48415 [108]
AlternateDataStreams: C:\ProgramData\TEMP:AFB24B00 [113]
AlternateDataStreams: C:\ProgramData\TEMP:AFEF2CE6 [110]
AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09 [198]
AlternateDataStreams: C:\ProgramData\TEMP:B280F0C0 [124]
AlternateDataStreams: C:\ProgramData\TEMP:B7C0A73F [125]
AlternateDataStreams: C:\ProgramData\TEMP:B8791731 [147]
AlternateDataStreams: C:\ProgramData\TEMP:BB0256E7 [129]
AlternateDataStreams: C:\ProgramData\TEMP:BBB82A4E [308]
AlternateDataStreams: C:\ProgramData\TEMP:BCCE4CAB [119]
AlternateDataStreams: C:\ProgramData\TEMP:BD27B7FC [230]
AlternateDataStreams: C:\ProgramData\TEMP:C07A6A6B [96]
AlternateDataStreams: C:\ProgramData\TEMP:C1980E97 [101]
AlternateDataStreams: C:\ProgramData\TEMP:C1B5E244 [121]
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6 [202]
AlternateDataStreams: C:\ProgramData\TEMP:C726C321 [141]
AlternateDataStreams: C:\ProgramData\TEMP:C81E3C9C [121]
AlternateDataStreams: C:\ProgramData\TEMP:CB9AF090 [120]
AlternateDataStreams: C:\ProgramData\TEMP:CD609535 [107]
AlternateDataStreams: C:\ProgramData\TEMP:CDF8423E [214]
AlternateDataStreams: C:\ProgramData\TEMP:CF61CE5A [100]
AlternateDataStreams: C:\ProgramData\TEMP:D2648A4D [138]
AlternateDataStreams: C:\ProgramData\TEMP:D3A82449 [254]
AlternateDataStreams: C:\ProgramData\TEMP:D453E38B [123]
AlternateDataStreams: C:\ProgramData\TEMP:D4CA4749 [111]
AlternateDataStreams: C:\ProgramData\TEMP:D8F9D810 [222]
AlternateDataStreams: C:\ProgramData\TEMP:E0C8C69E [114]
AlternateDataStreams: C:\ProgramData\TEMP:E0E19514 [246]
AlternateDataStreams: C:\ProgramData\TEMP:E3F37A7D [103]
AlternateDataStreams: C:\ProgramData\TEMP:E411AA0D [270]
AlternateDataStreams: C:\ProgramData\TEMP:E6F5146C [138]
AlternateDataStreams: C:\ProgramData\TEMP:E84554BB [125]
AlternateDataStreams: C:\ProgramData\TEMP:EA1582F8 [100]
AlternateDataStreams: C:\ProgramData\TEMP:ED92736E [64]
AlternateDataStreams: C:\ProgramData\TEMP:F1DEA771 [124]
AlternateDataStreams: C:\ProgramData\TEMP:F6763F46 [272]
AlternateDataStreams: C:\ProgramData\TEMP:F7120F9A [126]
AlternateDataStreams: C:\ProgramData\TEMP:F76D01BB [114]
AlternateDataStreams: C:\ProgramData\TEMP:F84B8DB5 [214]
AlternateDataStreams: C:\ProgramData\TEMP:FC7ED104 [294]
AlternateDataStreams: C:\ProgramData\TEMP:FFE4BAC7 [168]
AlternateDataStreams: C:\ProgramData\TEMP:FFF5C02B [145]
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{0B61512C-0ED8-11D3-9E32-00104BD19098}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{1143B0F7-C473-41E6-A3D3-5BE6747C4BF2}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{1388EEBB-9566-47F1-A93A-45BCE7784CD8}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{15A03DEA-0E76-44EE-A931-4EB1563FBC6B}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InprocServer32 -> C:\Users\Lindsay\AppData\Local\Umdrmedia\rnlcugwd.dll
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION
cmd: netsh advfirewall reset
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste or attach the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 lel1120

Posted 21 April 2016 - 08:13 PM

I am getting an error message when I try and run FRST...


#10 Oh My!

Posted 21 April 2016 - 09:59 PM

Greetings,

The Fixlist and FRST.exe must be in the same location. Based on your initial post it looks like FRST.exe is in the Downloads folder:

Running from C:\Users\Lindsay\Downloads

You will need to save the Fixlist in the Downloads folder or move FRST.exe to your Desktop (assuming that is where the Fixlist is saved).
Gary
 

#11 lel1120

Posted 22 April 2016 - 11:59 AM

so I ran FRST, but it didn't place anything on the desktop after...



#12 lel1120

Posted 22 April 2016 - 12:00 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:18-04-2016
Ran by Lindsay (2016-04-22 09:40:29) Run:3
Running from C:\Users\Lindsay\Desktop\FRST folder
Loaded Profiles: Lindsay (Available Profiles: Lindsay)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Task: {23C90957-89D7-4DAB-B940-41DC74AD9A5E} - System32\Tasks\{72357627-5703-462F-A86A-745A867B9310} => pcalua.exe -a "C:\Users\Lindsay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZB28C8B8\yahoo_lemonysnicket_tm5-3[2].exe" -d C:\Users\Lindsay
Task: {4FC049D3-57A2-4A95-A608-0DA2C8B1F157} - System32\Tasks\{38D0B71A-F277-4887-AEEF-CA4D4A484116} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {5ACD82DB-0160-4B18-BE8C-F701E1E0DD86} - System32\Tasks\{7F09698E-5EFD-4384-A0CA-DBEE404F2871} => pcalua.exe -a C:\Users\Lindsay\Desktop\Install.exe -d C:\Users\Lindsay\Desktop
Task: {7B192DBE-5AAB-4624-B846-61EB8FA2D5EA} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe
C:\Program Files\iWin Games
Task: {9CB270B7-F452-4FD7-B5D7-73AA4FA25B6F} - System32\Tasks\{D80433F6-89F9-465C-999D-357940F43B42} => pcalua.exe -a "C:\Users\Lindsay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0KEF2QX\sp37021[1].exe" -d C:\Users\Lindsay\Desktop
Task: {A6CDFCE2-9D25-4C3B-9907-2DE04129D8C3} - System32\Tasks\{93B0E6E9-8C1F-4672-8E80-6628E78ED040} => pcalua.exe -a E:\setup32\autorun\autorun.exe -d E:\
Task: {B6166E49-EF5C-4580-95F2-E5F88F4144E8} - System32\Tasks\{D7D3161C-DE40-4980-A2F1-7FDE2BFE6C51} => pcalua.exe -a E:\setup.exe -d E:\
Task: {BDCCA621-89C2-41FA-8636-433CF9A04DDC} - System32\Tasks\{AD842762-EF80-4705-AF22-39DA8F804463} => pcalua.exe -a "C:\Users\Lindsay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0K40Q3J2\laserjet3200[1].exe" -d C:\Users\Lindsay
Task: {C911BE6B-FE5B-4E2E-9F01-D6E4347FAAAB} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\Lindsay\AppData\Local\Temp\IHU5503.tmp.exe
Task: {F6782275-47C4-4FD6-88CC-4E3EC6AF0068} - System32\Tasks\{CA15C59F-944D-4718-8C62-70C3C1B4383D} => pcalua.exe -a "C:\Users\Lindsay\Desktop\laserjet 3200\setup\Setup.exe" -d "C:\Users\Lindsay\Desktop\laserjet 3200\setup"
Task: {F9711C13-FF5D-48B9-8491-88A32F56414F} - System32\Tasks\{1C936A7D-A600-45D0-B831-2C67F2ACE8FA} => pcalua.exe -a C:\Windows\ST5UNST.EXE -c -n "C:\FootBall Grid\ST5UNST.LOG"
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{4657278A-411B-11D2-839A-00C04FD918D0}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{49F371E1-8C5C-4D9C-9A3B-54A6827F513C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{527C9A9B-B9A2-44B0-84F9-F0DC11C2BCFB}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{52A2AAAE-085D-4187-97EA-8C30DB990436}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{53BD6B4E-3780-4693-AFC3-7161C2F3EE9C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{5D02926A-212E-11D0-9DF9-00A0C922E6EC}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{6078223B-6348-437A-8E76-F9326E74668C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{6150E9BF-D029-4EA9-B122-0978F8F4E4E6}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{61B76A32-6422-11D5-A590-0050DABD6B8C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{61B76A34-6422-11D5-A590-0050DABD6B8C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{6799211A-582F-4307-BCA6-EF28891C3DD5}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{68213E0D-E2B5-43D8-9683-080885FB7E24}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{69D0B4D2-E8C2-4A6F-942C-6C009E6CF096}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{6A01FDA0-30DF-11D0-B724-00AA006C1A01}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{6CEFB03E-7690-3724-A567-77CEBCCD2D03}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{6F3FE1E2-B01C-4A46-93FD-F3BA6366C3AF}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{7444C719-39BF-11D1-8CD9-00C04FC29D45}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{78A51822-51F4-11D0-8F20-00805F2CD064}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{7D5C4BDD-B015-4401-8731-1507B87DE297}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{7F38D87A-773C-4E6A-B37B-E619A0DBDB18}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{7FEBAF7C-18CF-11D2-993F-00A0C91F3880}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{81853D85-6664-40EE-9406-774EC2CE77D6}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{83B8BCA6-687C-11D0-A405-00AA0060275C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{85E94D25-0712-47ED-8CDE-B0971177C6A1}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{8CDA9380-6D67-424B-BEBD-9505022F2E76}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{8E85D0CE-DEAF-4EA1-9410-FD1A2105CEB5}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{90BECECC-1777-4F3E-88EE-7D69D11FD818}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{9E14B23A-5D8A-447F-B962-6D6D6897861E}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{A14A674B-E0BE-48C1-BAB2-6ACBA33CA8CF}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{AB517586-73CF-489C-8D8C-5AE0EAD0613A}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{B77B1CBF-E827-44A9-A33A-6CCFEEAA142A}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{C1908682-7B2C-4AB0-B98E-183649A0BF84}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{C206F324-BB45-4765-93FF-3BCA7306FF2E}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{C5621364-87CC-4731-8947-929CAE75323E}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{D250B176-7844-4C31-8F22-713A6F91E1A8}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{D83A0655-59E2-44A5-B1F0-CB07B9B972F2}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{D83A0656-565B-47B1-A1BC-42F700061A72}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{D83A0657-1845-4C75-B1FD-53121EBF2AEA}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{D8FE166A-EEFC-4BA4-A102-0D9EBC56715B}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{D9BC6FA3-A54B-11D4-A516-0050DA68678D}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{D9BC6FA5-A54B-11D4-A516-0050DA68678D}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{E01B917A-9C8B-41F2-923A-89304A830D1C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{E03E85B0-7BE3-4000-BA98-6C13DE9FA486}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{E2258CD0-A8D3-4DEC-ADE2-E18E53FB8A2C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{E2258CD2-A8D3-4DEC-ADE2-E18E53FB8A2C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{E2258CD4-A8D3-4DEC-ADE2-E18E53FB8A2C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{E3E478D6-A2F2-4791-89A3-21F5C78DC3EC}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{E53C85D6-E6D9-4BCF-A623-72062A99AA7F}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{E5F53C93-E95C-437C-A179-6C95A7752622}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{EB030009-6D26-11D3-B0F4-00C04F60B2A1}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{F4F55570-2FF4-444F-9851-E04BA4E4B524}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{F6240000-66DA-4DCD-B1AF-5C59D05C44D5}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{F81E9010-6EA4-11CE-A7FF-00AA003CA9F6}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{F947BE82-1205-11D3-9E32-00104BD19098}\InprocServer32
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InprocServer32 -> C:\Users\Lindsay\AppData\Local\Umdrmedia\rnlcugwd.dll
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION
cmd: netsh advfirewall reset
emptytemp:
*****************
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23C90957-89D7-4DAB-B940-41DC74AD9A5E} => key not found. 
C:\Windows\System32\Tasks\{72357627-5703-462F-A86A-745A867B9310} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{72357627-5703-462F-A86A-745A867B9310} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FC049D3-57A2-4A95-A608-0DA2C8B1F157} => key not found. 
C:\Windows\System32\Tasks\{38D0B71A-F277-4887-AEEF-CA4D4A484116} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{38D0B71A-F277-4887-AEEF-CA4D4A484116} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ACD82DB-0160-4B18-BE8C-F701E1E0DD86} => key not found. 
C:\Windows\System32\Tasks\{7F09698E-5EFD-4384-A0CA-DBEE404F2871} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F09698E-5EFD-4384-A0CA-DBEE404F2871} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B192DBE-5AAB-4624-B846-61EB8FA2D5EA} => key not found. 
C:\Windows\System32\Tasks\RunAsStdUser Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => key not found. 
"C:\Program Files\iWin Games" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CB270B7-F452-4FD7-B5D7-73AA4FA25B6F} => key not found. 
C:\Windows\System32\Tasks\{D80433F6-89F9-465C-999D-357940F43B42} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D80433F6-89F9-465C-999D-357940F43B42} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6CDFCE2-9D25-4C3B-9907-2DE04129D8C3} => key not found. 
C:\Windows\System32\Tasks\{93B0E6E9-8C1F-4672-8E80-6628E78ED040} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{93B0E6E9-8C1F-4672-8E80-6628E78ED040} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6166E49-EF5C-4580-95F2-E5F88F4144E8} => key not found. 
C:\Windows\System32\Tasks\{D7D3161C-DE40-4980-A2F1-7FDE2BFE6C51} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D7D3161C-DE40-4980-A2F1-7FDE2BFE6C51} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDCCA621-89C2-41FA-8636-433CF9A04DDC} => key not found. 
C:\Windows\System32\Tasks\{AD842762-EF80-4705-AF22-39DA8F804463} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD842762-EF80-4705-AF22-39DA8F804463} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C911BE6B-FE5B-4E2E-9F01-D6E4347FAAAB} => key not found. 
C:\Windows\System32\Tasks\IHUninstallTrackingTASK => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHUninstallTrackingTASK => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6782275-47C4-4FD6-88CC-4E3EC6AF0068} => key not found. 
C:\Windows\System32\Tasks\{CA15C59F-944D-4718-8C62-70C3C1B4383D} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA15C59F-944D-4718-8C62-70C3C1B4383D} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9711C13-FF5D-48B9-8491-88A32F56414F} => key not found. 
C:\Windows\System32\Tasks\{1C936A7D-A600-45D0-B831-2C67F2ACE8FA} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C936A7D-A600-45D0-B831-2C67F2ACE8FA} => key not found.
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 => key could not remove. ErrorCode: 0xC000003B
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 => key could not remove. ErrorCode: 0xC000003B
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 => key could not remove. ErrorCode: 0xC000003B
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 => key could not remove. ErrorCode: 0xC000003B
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{0B61512C-0ED8-11D3-9E32-00104BD19098}\InprocServer32 => key could not remove. ErrorCode: 0xC000003B
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}\InprocServer32 => key could not remove. ErrorCode: 0xC000003B
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}\InprocServer32 => key could not remove. ErrorCode: 0xC000003B
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{1143B0F7-C473-41E6-A3D3-5BE6747C4BF2}\InprocServer32 => key could not remove. ErrorCode: 0xC000003B
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{1388EEBB-9566-47F1-A93A-45BCE7784CD8}\InprocServer32 => key could not remove. ErrorCode: 0xC000003B
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{15A03DEA-0E76-44EE-A931-4EB1563FBC6B}\InprocServer32 => key could not remove. ErrorCode: 0xC000003B
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 => key could not remove. ErrorCode: 0xC000003B
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\InprocServer32 => key could not remove. ErrorCode: 0xC000003B
CustomCLSID: HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 => key could not remove. ErrorCode: 0xC000003B
HKU\S-1-5-21-1078577255-633202429-3496206462-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} => key not found. 
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Classes\.exe => key not found. 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
EmptyTemp: => 34.1 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:42:12 ====


#13 lel1120


Posted 22 April 2016 - 12:03 PM

thank you btw... I don't know if I've stated that! :smash:



#14 Oh My!

  • Malware Response Instructor

Posted 22 April 2016 - 02:06 PM

You are welcome.

Is it possible you ran the fix twice?

How is your computer running?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 lel1120


Posted 22 April 2016 - 02:26 PM

I'm not sure if I did... it seems to be running well...

 

is there anything I can do with all my .crypted files?  :(





