
Most likely adware issue on laptop [Solved]



#1
GTech

  • Member
  • 78 posts

Hello,

My laptop most likely has adware as random ads consistently appear while I'm browsing on the internet. I use Google Chrome and it also closes randomly as well. The computer is very slow, too.

Basic specs of the computer:

- Acer Aspire
- AMD Quad Core Processor A6-3420M with Turbo CORE Technology up to 2.40 GHz
- AMD Radeon HD 6520G with 512 MB graphics system memory
- Software used is Windows 7

Any other information required please let me know and I'll gladly provide it for you.

I appreciate any help. Thank you!



#2
ruggie_uk

  • Trusted Helper
  • Malware Removal
  • 2,083 posts

Greetings and welcome.

My nickname is Ruggie and I will be assisting you in cleaning your computer.

  • Malware removal can be a long process and will at times get complicated, with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely. It may seem difficult at times, but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

  • Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.
  • If at all possible, make backups of all your important files. Whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.
  • I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.
  • Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.
  • Please stick with me until the end. Malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely, so I ask that you do us the courtesy of seeing it through.
  • Only paste the contents of log files into your reply. DO NOT attach any log files unless requested to do so.
  • If you have any questions or get stuck, stop and ask. I am here to help you make this go as smoothly as possible.
  • If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now let's get to work.

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered. If you know which version is the one you need, download that one; if not, download both. Only one will work on your computer, and that is the one you need.

  • Right click the FRST icon to run as administrator. Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to the disclaimer.
  • Ensure that the following is ticked: Addition.txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Items I need to see in your next post:



  • FRST.txt
  • Addition.txt

 

 



#3
GTech

  • Topic Starter
  • Member
  • 78 posts

Hello Ruggie,

Thank you for taking interest in helping my case. I look forward to working with you. Here is what you've asked for:

  • FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015

Ran by Crystal Narine (administrator) on CRYSTALNARINE on 08-07-2015 00:57:20
Running from C:\Users\Crystal Narine\Downloads
Loaded Profiles: Crystal Narine (Available Profiles: Crystal Narine)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\PaperCut MF Client\pc-client.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464984 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2075288 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PaperCut MF Client] => C:\Program Files (x86)\PaperCut MF Client\pc-client.exe [274432 2013-05-02] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\Run: [Google Update] => C:\Users\Crystal Narine\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-30] (Google Inc.)
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\Run: [Facebook Update] => C:\Users\Crystal Narine\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-08] (Facebook Inc.)
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\Run: [OneDrive] => C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-21] (Microsoft Corporation)
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.4713.0209] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.4713.0209"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.4724.0224] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.4724.0224"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\RunOnce: [Uninstall C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5849.0427] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5849.0427"
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\MountPoints2: {0c8ea059-c550-11e3-a170-207c8f81d7e1} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\MountPoints2: {6dfb850f-fd01-11e1-b56e-206a8a6fa9a7} - E:\PcOptions.exe
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\MountPoints2: {6dfb8511-fd01-11e1-b56e-206a8a6fa9a7} - E:\PcOptions.exe
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\Users\Crystal Narine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk [2012-10-06]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-21] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-736287554-3709403269-3079134508-1001] => Internet Explorer proxy is enabled
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....&cc=CA&unqvl=86
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....are.com/secure/
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=CA&unqvl=86
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=CA&unqvl=86
SearchScopes: HKU\S-1-5-21-736287554-3709403269-3079134508-1001 -> {8CDF07B6-73A7-40A8-9F1A-0A6C7E00EE1B} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-736287554-3709403269-3079134508-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=CA&unqvl=86
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{152C6A0D-29AC-4490-B187-3E212489C9DD}: [DhcpNameServer] 64.71.255.205 64.71.255.253
Tcpip\..\Interfaces\{55F27780-C503-474A-B98F-93B14E7AD10B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{857B41F6-5D78-4B4E-8925-71AF6D58FA1C}: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{EFAC0B0B-7C2F-46D4-8991-5CA2FEDCE704}: [DhcpNameServer] 200.1.104.35 200.1.104.36
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-736287554-3709403269-3079134508-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Crystal Narine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-736287554-3709403269-3079134508-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Crystal Narine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-736287554-3709403269-3079134508-1001: @talk.google.com/O1DPlugin -> C:\Users\Crystal Narine\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-736287554-3709403269-3079134508-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-736287554-3709403269-3079134508-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Crystal Narine\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Crystal Narine\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
 
Chrome: 
=======
CHR Profile: C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-30]
CHR Extension: (Google Cast) - C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-19]
CHR Extension: (Google Search) - C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-06]
CHR Extension: (Skype Click to Call) - C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-13]
CHR Extension: (Google Wallet) - C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-06-25]
CHR Extension: (Gmail) - C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6135ae48; c:\Program Files (x86)\SustainerPlus\SustainerPlus.dll [1782784 2015-06-22] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 862ff8a7; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\afterguard\afterguard.dll",serv
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Western Digital Technologies) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-08 00:57 - 2015-07-08 00:59 - 00027387 _____ C:\Users\Crystal Narine\Downloads\FRST.txt
2015-07-08 00:56 - 2015-07-08 00:57 - 00000000 ____D C:\FRST
2015-07-08 00:56 - 2015-07-08 00:56 - 02112512 _____ (Farbar) C:\Users\Crystal Narine\Downloads\FRST64.exe
2015-07-08 00:55 - 2015-07-08 00:55 - 01636352 _____ (Farbar) C:\Users\Crystal Narine\Downloads\FRST.exe
2015-07-08 00:46 - 2015-07-08 00:46 - 00000000 ___HD C:\OneDriveTemp
2015-07-05 19:09 - 2015-07-08 00:47 - 00000020 _____ C:\Users\Crystal Narine\AppData\Roaming\appdataFr2.bin
2015-07-05 19:06 - 2015-07-05 19:06 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-05 19:06 - 2015-07-05 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-03 21:57 - 2015-07-03 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-03 21:57 - 2015-07-03 21:57 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-03 21:56 - 2015-07-03 21:57 - 00000000 ____D C:\Program Files\iTunes
2015-07-03 21:56 - 2015-07-03 21:56 - 00000000 ____D C:\Program Files\iPod
2015-07-02 21:24 - 2015-07-02 21:24 - 00000000 _____ C:\Users\Crystal Narine\.uc-3273fe9c41494ce7f21d31cbc126fed0.crystal narine.crystalnarine.tmp
2015-06-22 19:19 - 2015-06-22 19:19 - 00000000 ____D C:\Program Files (x86)\SustainerPlus
2015-06-22 19:19 - 2015-06-22 19:19 - 00000000 ____D C:\Program Files (x86)\Spanish translator for the web
2015-06-22 19:18 - 2015-07-05 19:00 - 00000000 ____D C:\Program Files (x86)\RaespectSale
2015-06-22 19:17 - 2015-07-04 16:17 - 00000000 ____D C:\ProgramData\{85bbeade-1781-c9ee-85bb-beade178ab78}
2015-06-10 23:08 - 2015-06-10 23:08 - 06112072 _____ (Apple, Inc.) C:\Windows\system32\usbaaplrc.dll
2015-06-10 23:08 - 2015-06-10 23:08 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys
2015-06-10 20:00 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 20:00 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 20:00 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 20:00 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 20:00 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 20:00 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 20:00 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 20:00 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 20:00 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 20:00 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 20:00 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 20:00 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 20:00 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 20:00 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 20:00 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 20:00 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 20:00 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 20:00 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 19:59 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 19:59 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 19:59 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 19:59 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 19:59 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 19:59 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 19:59 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 19:59 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 19:59 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 19:59 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 19:59 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 19:59 - 2015-05-25 14:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 19:59 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 19:59 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 19:59 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 19:59 - 2015-05-25 14:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 19:59 - 2015-05-25 14:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 19:59 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 19:59 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 19:59 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 19:59 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 19:59 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 19:59 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 19:59 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 19:59 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 19:59 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 19:59 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 19:59 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 19:59 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 19:59 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 19:59 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 19:59 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 19:59 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 19:59 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 19:59 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 19:59 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 19:59 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 19:59 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 19:59 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 19:59 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 19:59 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 19:59 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 19:59 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 19:59 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 19:59 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 19:59 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 19:59 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 19:59 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 19:59 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 19:59 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 19:59 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 19:59 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 19:59 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 19:59 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 19:58 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 19:57 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 19:57 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 19:57 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 19:57 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 19:57 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 19:57 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 19:57 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 19:57 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 19:57 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 19:57 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 19:57 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 19:57 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 19:57 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 19:57 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 19:57 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 19:57 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 19:57 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 19:57 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 19:57 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 19:57 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 19:57 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 19:57 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 19:57 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 19:57 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 19:57 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 19:57 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 19:57 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 19:57 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 19:57 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 19:57 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 19:57 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 19:57 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 19:57 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 19:57 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 19:57 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 19:57 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 19:57 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 19:57 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 19:57 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 19:57 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 19:57 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 19:57 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 19:57 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 19:57 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 19:57 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 19:57 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 19:57 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 19:57 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 19:57 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 19:57 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 19:57 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 19:57 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 19:57 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 19:57 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 19:57 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 19:57 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 19:57 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 19:57 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 19:57 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 19:57 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 19:57 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-08 00:58 - 2012-01-19 15:22 - 02044119 _____ C:\Windows\WindowsUpdate.log
2015-07-08 00:57 - 2009-07-14 00:45 - 00031712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-08 00:57 - 2009-07-14 00:45 - 00031712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-08 00:48 - 2014-04-17 12:44 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-08 00:46 - 2014-07-10 12:40 - 00000000 ___RD C:\Users\Crystal Narine\OneDrive
2015-07-08 00:46 - 2012-01-19 15:48 - 00000000 ____D C:\ProgramData\clear.fi
2015-07-08 00:44 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-08 00:44 - 2009-07-14 00:51 - 00172482 _____ C:\Windows\setupact.log
2015-07-06 20:41 - 2013-07-30 15:12 - 00000000 ____D C:\Users\Crystal Narine\AppData\Local\Windows Live
2015-07-06 20:35 - 2009-07-14 01:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-06 20:20 - 2012-09-08 12:15 - 00000964 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736287554-3709403269-3079134508-1001UA.job
2015-07-06 20:15 - 2012-09-08 12:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-06 20:02 - 2012-08-30 11:06 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-736287554-3709403269-3079134508-1001UA.job
2015-07-06 20:01 - 2012-10-06 19:06 - 00000274 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2015-07-06 15:43 - 2013-03-30 14:35 - 00000000 ____D C:\Users\Crystal Narine\AppData\Local\8673CED4-F1DB-48DC-B920-ED0DC0790B58.aplzod
2015-07-06 09:48 - 2010-11-20 23:47 - 00266238 _____ C:\Windows\PFRO.log
2015-07-05 22:18 - 2012-10-23 22:29 - 00000000 ____D C:\Users\Crystal Narine\AppData\Roaming\Skype
2015-07-05 19:17 - 2015-05-18 19:17 - 00000404 _____ C:\Windows\Tasks\Bidaily Synchronize Task[pr].job
2015-07-05 19:08 - 2012-08-30 11:00 - 00002214 _____ C:\Users\Crystal Narine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-05 19:06 - 2015-05-18 17:46 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-05 18:56 - 2012-08-30 11:06 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-736287554-3709403269-3079134508-1001Core.job
2015-07-05 18:53 - 2012-09-08 12:15 - 00000942 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736287554-3709403269-3079134508-1001Core.job
2015-07-03 21:56 - 2015-04-09 20:15 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-03 21:56 - 2015-04-09 20:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-03 21:56 - 2012-09-04 09:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-03 21:49 - 2013-07-11 12:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-03 21:49 - 2011-11-02 19:02 - 00000000 ____D C:\ProgramData\Skype
2015-07-02 21:24 - 2012-08-30 23:02 - 00000000 ____D C:\Users\Crystal Narine
2015-06-27 07:44 - 2014-12-28 23:57 - 00000000 __SHD C:\Users\Crystal Narine\AppData\Local\EmieBrowserModeList
2015-06-27 07:44 - 2014-04-19 18:26 - 00000000 __SHD C:\Users\Crystal Narine\AppData\Local\EmieUserList
2015-06-27 07:44 - 2014-04-19 18:26 - 00000000 __SHD C:\Users\Crystal Narine\AppData\Local\EmieSiteList
2015-06-24 18:32 - 2014-12-23 21:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 20:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-06-23 19:15 - 2012-09-08 12:55 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 19:15 - 2012-09-08 12:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 19:15 - 2011-11-02 18:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-22 19:19 - 2015-05-18 19:18 - 00000000 ____D C:\ProgramData\6419412408067237368
2015-06-13 19:48 - 2013-06-27 13:07 - 00243200 _____ C:\Users\Crystal Narine\Documents\Pay.xls
2015-06-12 19:53 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-12 19:50 - 2009-07-14 00:45 - 00434616 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-12 19:47 - 2014-12-11 12:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-12 19:47 - 2014-05-11 09:49 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-12 19:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 08:25 - 2012-09-08 11:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 08:16 - 2013-08-15 02:06 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 07:54 - 2012-09-29 14:32 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-07-05 19:09 - 2015-07-08 00:47 - 0000020 _____ () C:\Users\Crystal Narine\AppData\Roaming\appdataFr2.bin
2012-10-06 19:03 - 2012-10-06 19:03 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-19 15:40 - 2012-01-19 15:43 - 0015123 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-08-30 11:36 - 2012-08-30 11:36 - 0000032 _____ () C:\ProgramData\Temp.log
 
Some files in TEMP:
====================
C:\Users\Crystal Narine\AppData\Local\Temp\9F4E.exe
C:\Users\Crystal Narine\AppData\Local\Temp\MotorolaDeviceManager_2.2.23.exe
C:\Users\Crystal Narine\AppData\Local\Temp\MsStbL.exe
C:\Users\Crystal Narine\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-03 22:18
 
==================== End of log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015

Ran by Crystal Narine at 2015-07-08 01:01:12
Running from C:\Users\Crystal Narine\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-736287554-3709403269-3079134508-500 - Administrator - Disabled)
Crystal Narine (S-1-5-21-736287554-3709403269-3079134508-1001 - Administrator - Enabled) => C:\Users\Crystal Narine
Guest (S-1-5-21-736287554-3709403269-3079134508-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-736287554-3709403269-3079134508-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3501.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.3501.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0902.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{995841E6-A7D8-2742-606C-98E350507317}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AppendRunner (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{862ff8a7}) (Version:  - AppendRunner) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Backuptrans iPhone SMS Transfer 2.10.04 (HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\Backuptrans iPhone SMS Transfer) (Version: 2.10.04 - Backuptrans)
BarSim 1.5.3 (HKLM-x32\...\BarSim_is1) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.3 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
ChromecastApp (HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Connect (HKLM-x32\...\Connect) (Version: 1.4.12253.0 - Cisco Consumer Products LLC)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\{2EC1270D-EBD9-335A-B0E4-45B5CB3E9AAC}) (Version: 66.77.16514 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Color LaserJet 2600 series (HKLM\...\HP Color LaserJet 2600 series) (Version:  - )
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{424E8E17-A7B7-45B5-8C79-D58F04D9D920}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series Product Improvement Study (HKLM\...\{1AE1848C-D592-4222-8048-AEE1694D2959}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.2.2 - Kobo Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
LindtCentre (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6135ae48}) (Version:  - LindtCentre) <==== ATTENTION
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.161.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
PaperCut MF Client 13.2 (HKLM-x32\...\{DD6B302F-4C17-46EF-A017-1CF73FEF887F}) (Version: 1.0.0 - <no manufacturer>)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plex Media Server (HKLM-x32\...\{16eca963-68c5-4756-80f9-db9094a4d6f0}) (Version: 0.9.1104 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1104 - Plex, Inc.) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
RaespectSale (HKLM-x32\...\{3112BDB8-7DB9-279D-EC5F-30BC1ABC266C}) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Secure Download Manager (HKLM-x32\...\{7682DFED-23C6-44C9-B9FD-109E0B630277}) (Version: 3.1.10 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SoundCloud Latest Tracks for Google Chrome (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Spanish translator for the web (HKLM-x32\...\{C2E3DB8B-C43B-9203-7BE7-D03BA334FD8A}) (Version:  - )
SSH Secure Shell Client (VMware ThinApp) (HKLM-x32\...\{3DD9D877-F512-46B2-A9D9-19F3CD4A1B4B}) (Version: 1.0 - Sheridan College)
StudioTax 2013 (HKLM-x32\...\{A02B37F4-26DA-454A-9997-B006D3587102}) (Version: 9.1.9.0 - BHOK IT Consulting)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
tuitalker 0.6.1 (HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\tuitalker) (Version: 0.6.1 - ARGELA-USA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
10-06-2015 19:42:06 Windows Update
11-06-2015 07:47:07 Windows Update
22-06-2015 18:14:06 Windows Update
26-06-2015 20:34:25 Windows Update
02-07-2015 21:35:25 Windows Update
04-07-2015 16:16:50 Windows Defender Checkpoint
05-07-2015 18:59:24 Windows Defender Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09DA07AE-AAFE-4BD7-9C9E-0A0D474C271A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-736287554-3709403269-3079134508-1001UA => C:\Users\Crystal Narine\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {1789AA86-A70A-432F-9B90-E8B5D78F8211} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {1BA1BECB-700A-4D84-B6F9-3328B1671D1B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {20CA8696-5EA3-48BA-88A2-6E7213638A61} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {21B82B57-90E4-45DD-9F9A-FF7698BA7781} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {565B69C8-BEB5-4DE0-8513-148FB9ABEA93} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
Task: {598C3E40-3C66-4154-9412-E7417423E083} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {6C6A650F-2B6F-422B-BEA8-8F14F2161F36} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {71771395-EBA4-47DD-8977-3159529A3B8E} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.)
Task: {804BAF14-D723-4929-86B4-F4506B01A0BE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-736287554-3709403269-3079134508-1001UA => C:\Users\Crystal Narine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-08] (Facebook Inc.)
Task: {852F1C06-EF2E-429D-B465-044B32B0F2FC} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {8D81D908-9C09-43B9-9F5B-92E7CADAEB7A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-10-12] (Microsoft Corporation)
Task: {93B3A7F3-274C-4B87-9781-378D1C1A3653} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-736287554-3709403269-3079134508-1001Core => C:\Users\Crystal Narine\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {957947FD-73BB-4659-BD02-5F776EF07CCA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-10-12] (Microsoft Corporation)
Task: {9EBDF0A2-24CD-454E-9843-AB14DAAC2B60} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{6601f041-7013-da3a-6601-1f041701c105}\backuptrans iphone whatsapp transfer.exe [2014-05-18] () <==== ATTENTION
Task: {A3377BC2-9F3D-43F0-B935-5050DD43F010} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {C8044A88-58F1-42D4-86EB-0B4B2FB95B12} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-736287554-3709403269-3079134508-1001Core => C:\Users\Crystal Narine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-08] (Facebook Inc.)
Task: {D41BDE04-C152-491F-BBBC-33E8DA96A1A2} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-08-09] (Acer)
Task: {D4A467E4-54EB-4E2C-B385-54AD0DEB0483} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {F069302A-8E4A-4176-B970-A8AF4BBB5D36} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-10-12] (Microsoft)
Task: {F2699A24-C346-4014-9F37-085118E2E671} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{6601f041-7013-da3a-6601-1f041701c105}\backuptrans iphone whatsapp transfer.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736287554-3709403269-3079134508-1001Core.job => C:\Users\Crystal Narine\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736287554-3709403269-3079134508-1001UA.job => C:\Users\Crystal Narine\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-736287554-3709403269-3079134508-1001Core.job => C:\Users\Crystal Narine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-736287554-3709403269-3079134508-1001UA.job => C:\Users\Crystal Narine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-10-28 20:07 - 2011-02-17 19:13 - 00136704 _____ () C:\Windows\System32\zlhp2600.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-02 01:14 - 2013-05-02 01:14 - 00274432 _____ () C:\Program Files (x86)\PaperCut MF Client\pc-client.exe
2011-05-04 17:10 - 2011-05-04 17:10 - 00325344 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2015-06-22 19:19 - 2015-06-22 19:19 - 01782784 _____ () c:\Program Files (x86)\SustainerPlus\SustainerPlus.dll
2011-08-24 22:03 - 2011-08-24 22:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2015-05-18 18:28 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-05-18 18:28 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-06-01 12:42 - 2011-06-01 12:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-06-01 12:46 - 2011-06-01 12:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-05-04 17:10 - 2011-05-04 17:10 - 02896608 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2011-05-04 17:10 - 2011-05-04 17:10 - 00027360 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 18:59 - 2010-03-22 18:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2015-07-05 19:06 - 2015-06-20 01:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-07-05 19:06 - 2015-06-20 01:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2011-06-01 12:16 - 2011-06-01 12:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2011-06-01 12:16 - 2011-06-01 12:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2015-07-05 19:06 - 2015-06-20 01:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Crystal Narine\Desktop\DSC01654.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\10words.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\A Glass of Milk.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Abortion.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Best Pictures.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Breath Taking Photos.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\BreathTakingPhotos.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\card.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\cds.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\cell fones.AVI:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Chinese Proverb.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\ChoicesWeMake_1.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\circuit.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Copy of RBC consent electronic Jan 2009[1].doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Crystal Narine.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Find.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\fone numbers.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\goodkarma12.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Kodak_moment.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Mobile Phone Recharge.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Mushroom Salad.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Nageur_ét...pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\New Sony En.PPS:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Price of Gas.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\PSLE0U-PSLC0U-Win7UpgradeInstructions.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Put_the_Glass_Down__.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\SalaryReview.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\scheduleCN 2011.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\scheduleCN.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\thank you letter.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\The Poem.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\The Window.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\The Woman.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\TheParadoxofOurTimes.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\TheWoman.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Two Choices.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\WordsWomenUse1.pps:Roxio EMC Stream
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Crystal Narine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.71.255.204 - 64.71.255.198
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A29A3993-BC37-4D80-A1F9-037FF45FFBC6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{946D996E-D6A4-40FD-814D-8F38AFA94EF0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{2F987DE6-292A-434E-86AA-6AECB6407CF4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{C4808805-F715-48D5-981E-5B5278472510}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{8B282028-F617-44E1-B07A-408857B324E1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{8AEACA5C-D685-4CB0-9326-65E116F5C9E1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{5A89EEB9-C3F2-4522-B2F8-E49FBA478600}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{88D7B58B-3D1B-49C3-A61D-19B9CC64F86C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{DD599B40-A210-45B7-BD1D-FB1C0EC354C5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{BE506939-13ED-4443-9F44-17D030D25407}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{4C65B8E7-AD03-46DD-AE63-E7E007D1B4DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9F8E77B1-5488-44B0-907E-44BCAF3F9902}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A677BA5-369D-46A9-845F-AD7D135B3166}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CA743986-2F62-4029-991D-BD674B33BDD2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2F960BD-390A-4C41-A1EC-04F9E0D9F695}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{EF4D01CB-46E5-4BA6-8F24-12A8A0C0BFB1}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{8724C51A-5B38-4CF3-8619-0B764587B5D4}] => (Allow) LPort=26675
FirewallRules: [{AE3212FA-87E2-4840-AA26-B819C20DFCC5}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe
FirewallRules: [{996F2CBB-2F1C-494A-8D51-DDB39C2A5BD3}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{C22D69C5-2994-4307-BE2B-486BD3A1DCD2}] => (Allow) C:\Users\Crystal Narine\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{662DFD3A-C8A6-4E1E-9DB4-B98E7C6F6F1A}] => (Allow) C:\Users\Crystal Narine\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{CF90818F-B353-46E0-A27D-5FA0F1C81550}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C70BC66A-7226-47D0-A1F7-20DB69403002}] => (Allow) LPort=2869
FirewallRules: [{D4DFDDA9-5200-4755-A7C1-3748DBFB40D8}] => (Allow) LPort=1900
FirewallRules: [{B298C106-AB88-4E1A-A3E9-6B0B4048D5C3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{BAB93CD6-43DD-4B12-ABA2-87BD63834CAE}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{733EE99D-B218-40DD-BB18-D72ACBBE0A80}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{10C730D3-8E0A-4A63-891D-14920F5DEED0}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{69705625-7506-4D98-8D42-E90426DA4DE1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{312CFC73-91E9-4076-AB8E-5A2D513A7F03}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/06/2015 07:45:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15320
 
Error: (07/06/2015 07:45:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15320
 
Error: (07/06/2015 07:45:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/06/2015 11:20:06 AM) (Source: Google Update) (EventID: 20) (User: CrystalNarine)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (07/05/2015 07:25:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8877
 
Error: (07/05/2015 07:25:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8877
 
Error: (07/05/2015 07:25:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/04/2015 05:14:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3931
 
Error: (07/04/2015 05:14:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3931
 
Error: (07/04/2015 05:14:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (07/08/2015 00:52:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B8FB4AD7-EA4A-4B47-BFDC-BFC94160A8EA}
 
Error: (07/08/2015 00:50:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/08/2015 00:48:42 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.11192.168.137.0255.255.255.0
 
Error: (07/08/2015 00:48:42 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (07/08/2015 00:47:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the afterguard service to connect.
 
Error: (07/06/2015 11:39:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/06/2015 11:37:51 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.10192.168.137.0255.255.255.0
 
Error: (07/06/2015 11:37:51 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (07/06/2015 11:35:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the afterguard service to connect.
 
Error: (07/06/2015 07:36:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-06-20 23:07:28.206
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-06-20 23:07:27.977
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-21 00:56:39.359
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-21 00:56:39.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-20 02:36:55.203
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-20 02:36:55.000
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-19 22:03:55.396
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-19 22:03:55.225
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-3420M APU with Radeon™ HD Graphics
Percentage of memory in use: 71%
Total physical RAM: 5606.11 MB
Available physical RAM: 1606.64 MB
Total Virtual: 11210.43 MB
Available Virtual: 6945.52 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:682.91 GB) (Free:440.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A2165F0D)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=682.9 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#4
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi.

 

Ok let's make a start :)

 

Step 1

 

We need to uninstall some programs.

Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.

Select the following programs from the list below, one at a time and click Uninstall.
 

  • bestadblocker
  • SoundCloud Latest Tracks for Google Chrome

 

 

Step 2
 

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.
 

  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click the FRST icon and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

 

 

Step 3
 

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.
 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking the JRT icon and selecting "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Items I need to see in your next post:
 

  • Did the uninstalls go ok?
  • FRST Fixlog
  • JRT Report

 

 



#5
GTech

    Member

  • Topic Starter
  • Member
  • 78 posts

Note: When I tried uninstalling bestadblocker, it said it was already uninstalled, so it just removed it from the list.  

 

  • FRST Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015

Ran by Crystal Narine at 2015-07-08 19:54:48 Run:1
Running from C:\Users\Crystal Narine\Desktop
Loaded Profiles: Crystal Narine (Available Profiles: Crystal Narine)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
createrestorepoint:
emptytemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\MountPoints2: {0c8ea059-c550-11e3-a170-207c8f81d7e1} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\MountPoints2: {6dfb850f-fd01-11e1-b56e-206a8a6fa9a7} - E:\PcOptions.exe
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\...\MountPoints2: {6dfb8511-fd01-11e1-b56e-206a8a6fa9a7} - E:\PcOptions.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-736287554-3709403269-3079134508-1001] => Internet Explorer proxy is enabled
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=CA&unqvl=86
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=CA&unqvl=86
SearchScopes: HKU\S-1-5-21-736287554-3709403269-3079134508-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=CA&unqvl=86
R2 6135ae48; c:\Program Files (x86)\SustainerPlus\SustainerPlus.dll [1782784 2015-06-22] () [File not signed]
c:\Program Files (x86)\SustainerPlus
S2 862ff8a7; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\afterguard\afterguard.dll",serv
c:\Program Files (x86)\afterguard
Task: {9EBDF0A2-24CD-454E-9843-AB14DAAC2B60} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{6601f041-7013-da3a-6601-1f041701c105}\backuptrans iphone whatsapp transfer.exe [2014-05-18] () <==== ATTENTION
c:\programdata\{6601f041-7013-da3a-6601-1f041701c105}
Task: C:\Windows\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{6601f041-7013-da3a-6601-1f041701c105}\backuptrans iphone whatsapp transfer.exe <==== ATTENTION
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
C:\Program Files (x86)\Common Files\Wondershare
AlternateDataStreams: C:\Users\Crystal Narine\Desktop\DSC01654.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\10words.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\A Glass of Milk.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Abortion.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Best Pictures.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Breath Taking Photos.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\BreathTakingPhotos.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\card.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\cds.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\cell fones.AVI:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Chinese Proverb.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\ChoicesWeMake_1.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\circuit.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Copy of RBC consent electronic Jan 2009[1].doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Crystal Narine.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Find.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\fone numbers.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\goodkarma12.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Kodak_moment.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Mobile Phone Recharge.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Mushroom Salad.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Nageur_ét...pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\New Sony En.PPS:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Price of Gas.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\PSLE0U-PSLC0U-Win7UpgradeInstructions.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Put_the_Glass_Down__.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\SalaryReview.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\scheduleCN 2011.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\scheduleCN.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\thank you letter.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\The Poem.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\The Window.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\The Woman.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\TheParadoxofOurTimes.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\TheWoman.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Two Choices.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\WordsWomenUse1.pps:Roxio EMC Stream
end:
 
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-736287554-3709403269-3079134508-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c8ea059-c550-11e3-a170-207c8f81d7e1}" => key removed successfully
HKCR\CLSID\{0c8ea059-c550-11e3-a170-207c8f81d7e1} => key not found. 
"HKU\S-1-5-21-736287554-3709403269-3079134508-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dfb850f-fd01-11e1-b56e-206a8a6fa9a7}" => key removed successfully
HKCR\CLSID\{6dfb850f-fd01-11e1-b56e-206a8a6fa9a7} => key not found. 
"HKU\S-1-5-21-736287554-3709403269-3079134508-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dfb8511-fd01-11e1-b56e-206a8a6fa9a7}" => key removed successfully
HKCR\CLSID\{6dfb8511-fd01-11e1-b56e-206a8a6fa9a7} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-736287554-3709403269-3079134508-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found. 
"HKU\S-1-5-21-736287554-3709403269-3079134508-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found. 
6135ae48 => Service removed successfully
c:\Program Files (x86)\SustainerPlus => moved successfully.
862ff8a7 => Service removed successfully
"c:\Program Files (x86)\afterguard" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EBDF0A2-24CD-454E-9843-AB14DAAC2B60}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EBDF0A2-24CD-454E-9843-AB14DAAC2B60}" => key removed successfully
C:\Windows\System32\Tasks\Bidaily Synchronize Task[pr] => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[pr]" => key removed successfully
c:\programdata\{6601f041-7013-da3a-6601-1f041701c105} => moved successfully.
C:\Windows\Tasks\Bidaily Synchronize Task[pr].job => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value removed successfully
 
"C:\Program Files (x86)\Common Files\Wondershare" folder move:
 
Could not move "C:\Program Files (x86)\Common Files\Wondershare" folder => Scheduled to move on reboot.
 
C:\Users\Crystal Narine\Desktop\DSC01654.JPG => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\10words.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\A Glass of Milk.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Abortion.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Best Pictures.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Breath Taking Photos.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\BreathTakingPhotos.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\card.doc => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\cds.doc => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\cell fones.AVI => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Chinese Proverb.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\ChoicesWeMake_1.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\circuit.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Copy of RBC consent electronic Jan 2009[1].doc => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Crystal Narine.doc => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Find.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\fone numbers.doc => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\goodkarma12.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Kodak_moment.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Mobile Phone Recharge.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Mushroom Salad.doc => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Nageur_ét...pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\New Sony En.PPS => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Price of Gas.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\PSLE0U-PSLC0U-Win7UpgradeInstructions.pdf => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Put_the_Glass_Down__.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\SalaryReview.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\scheduleCN 2011.doc => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\scheduleCN.doc => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\thank you letter.doc => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\The Poem.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\The Window.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\The Woman.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\TheParadoxofOurTimes.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\TheWoman.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\Two Choices.pps => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Crystal Narine\Documents\WordsWomenUse1.pps => ":Roxio EMC Stream" ADS removed successfully.
end: => Error: No automatic fix found for this entry.
EmptyTemp: => 3.3 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-08 20:11:04)<=
 
C:\Program Files (x86)\Common Files\Wondershare => Is moved successfully
 
==== End of Fixlog 20:11:04 ====
 
JRT.txt
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.7 (07.08.2015:2)
OS: Windows 7 Home Premium x64
Ran by Crystal Narine on 08/07/2015 at 20:17:59.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\EgisUpdate
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Crystal Narine\AppData\Roaming\appdataFr2.bin
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\RaespectSale
Successfully deleted: [Folder] C:\ProgramData\babylon
Successfully deleted: [Folder] C:\ProgramData\tarma installer
Successfully deleted: [Folder] C:\Users\Crystal Narine\AppData\Roaming\babylon
Successfully deleted: [Folder] C:\ProgramData\6419412408067237368
 
 
 
~~~ Chrome
 
 
[C:\Users\Crystal Narine\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Crystal Narine\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Crystal Narine\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Crystal Narine\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  ogminpmldncgcmokldnmmapddoccmhfl
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/07/2015 at 20:26:00.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Great :)

 

Let's take a look with adwcleaner.

 

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


#7
GTech

    Member

  • Topic Starter
  • 78 posts

# AdwCleaner v4.208 - Logfile created 13/07/2015 at 19:39:08
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Crystal Narine - CRYSTALNARINE
# Running from : C:\Users\Crystal Narine\Downloads\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\PerIceMinus
Folder Found : C:\ProgramData\{85bbeade-1781-c9ee-85bb-beade178ab78}

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\BABSOLUTION
Key Found : [x64] HKCU\Software\BABSOLUTION
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\5b55d6dcb135e845
Key Found : HKLM\SOFTWARE\886b1649-80f9-f344-9bcc-fb2ee0290f9f
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4DDEC9FF-96A3-4B1B-ADCA-0B31EC700151}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{917A80E3-C425-4F5F-B8D3-4804A0CCA924}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6135ae48}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{862ff8a7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3112BDB8-7DB9-279D-EC5F-30BC1ABC266C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.130

[C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=121240&tt=gc_&babsrc=SP_ss&mntrId=0C85207C8F81D7E1
[C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=22394&r=2015/05/18&hid=17415996016154432536&lg=EN&cc=CA&unqvl=86
[C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://www.google.com/

*************************

AdwCleaner[R0].txt - [10272 bytes] - [13/07/2015 19:39:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10332 bytes] ##########


  • 0

#8
ruggie_uk


    Trusted Helper

  • Malware Removal
  • 2,083 posts

Great thanks :)

 

Let's remove those nasties it found.

 

First...
 

Re-run AdwCleaner

Close all open windows and browsers.

  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced. Please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

Next...

 

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here (or re-run it if you already have it installed)

Install the program and select update
Once it has updated select Settings > Detection and Protection > Tick Scan for rootkits
Go back to the Dashboard and select Scan Now
If threats are detected, click the Remove Selected button, MBAM will ask for a reboot
On completion of the scan (or after the reboot) select Save Results
Select text file and save to the desktop.
Please post that log for my review.


Then...

Please run a free online scan with the ESET Online Scanner

<< Please disable any existing anti virus product before performing the following. >>

  • Click Run Eset Online Scanner




Note: You will need to use Internet Explorer or Firefox (you will be prompted to install a helper program if you use Firefox) for this scan.
Important: Please disable your existing AV software for the duration of the scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:


  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology



  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Items I need to see in your next post:

  • ADWcleaner clean report
  • MalwareBytes Log
  • ESET Log
  • How are things looking now?


  • 0

#9
GTech


    Member

  • Topic Starter
  • Member
  • 78 posts

ADWcleaner clean report

 

# AdwCleaner v4.208 - Logfile created 15/07/2015 at 22:07:45
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Crystal Narine - CRYSTALNARINE
# Running from : C:\Users\Crystal Narine\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\{85bbeade-1781-c9ee-85bb-beade178ab78}
Folder Deleted : C:\Program Files (x86)\PerIceMinus

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\5b55d6dcb135e845
Key Deleted : HKLM\SOFTWARE\886b1649-80f9-f344-9bcc-fb2ee0290f9f
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6135ae48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{862ff8a7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4DDEC9FF-96A3-4B1B-ADCA-0B31EC700151}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{917A80E3-C425-4F5F-B8D3-4804A0CCA924}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3112BDB8-7DB9-279D-EC5F-30BC1ABC266C}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.130

[C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=121240&tt=gc_&babsrc=SP_ss&mntrId=0C85207C8F81D7E1
[C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=22394&r=2015/05/18&hid=17415996016154432536&lg=EN&cc=CA&unqvl=86
[C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] :
[C:\Users\Crystal Narine\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 9A41615792B2789F6E61601AF2DF91C3E9627BB795C495E2D8B40A4BABDF414F"},"software_reporter":{"prompt_reason":"3AAACCCBC3D77363D9D7DDA31C0B1A4F0D69B22378136C17C64DB6762FF0F8BC","prompt_seed":"EF4DBBC8A23BE8CC88C3CD2E95BA93A70633AF370771EA735B71840CEE2A4252","prompt_version":"2FC609E7EFA851D7A4363CB85E87B1419D797BB192C4C29718FBBA78D400D40A"},"sync":{"remaining_rollback_tries":"95325EE26D769FFB7E51266CAE68AFC2CC39CC2250FC3238033A8F2A6ECFFC05"}},"super_mac":"93FD37C89C3E7E81C173C5B75A79868F8DC2E6607EAF2F809016E94ED17BE2B5"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=093013","hxxp://www.delta-search.com/?affID=121240&tt=gc_&babsrc=HP_ss&mntrId=0C85207C8F81D7E1

*************************

AdwCleaner[R0].txt - [10432 bytes] - [13/07/2015 19:39:08]
AdwCleaner[R1].txt - [10488 bytes] - [15/07/2015 22:02:25]
AdwCleaner[S0].txt - [4971 bytes] - [15/07/2015 22:07:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5030  bytes] ##########

 

MalwareBytes Log (NOTE: After the scan, the computer rebooted and I didn't have the chance to save the results and get the log. So after the reboot I had to go to the archives and export the scan report. Hopefully this is the right one. If not, let me know)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/07/2015
Scan Time: 1:30 AM
Logfile: scan log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.15.07
Rootkit Database: v2015.07.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Crystal Narine

Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 0
(No malicious items detected)
Time Elapsed: 0 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

ESET Log

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=9a7165464fbb6042b7bf811582538ae0
# end=init
# utc_time=2015-07-16 05:38:31
# local_time=2015-07-16 01:38:31 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24824
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=9a7165464fbb6042b7bf811582538ae0
# end=updated
# utc_time=2015-07-16 05:42:56
# local_time=2015-07-16 01:42:56 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9a7165464fbb6042b7bf811582538ae0
# engine=24824
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-16 08:48:46
# local_time=2015-07-16 04:48:46 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 188579976 0 0
# scanned=197625
# found=3
# cleaned=0
# scan_time=11149
sh=AA0E845D8E982470A084C704CEB86BD105BC273B ft=1 fh=c71c0011f9bce422 vn="a variant of Win32/Adware.MultiPlug.JY application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PerIceMinus\PerIceMinus.exe.vir"
sh=F56585308EA38AE4FEA37B859E35162B28D4A919 ft=1 fh=c71c00115be22354 vn="a variant of Win32/Adware.MultiPlug.IX application" ac=I fn="C:\FRST\Quarantine\c\Program Files (x86)\SustainerPlus\SustainerPlus.dll"
sh=9EF723854C792F3DC3433E23C1FF5C42DB2DA0CC ft=1 fh=c71c0011102fbbd4 vn="a variant of Win32/Adware.MultiPlug.KP application" ac=I fn="C:\FRST\Quarantine\c\programdata\{6601f041-7013-da3a-6601-1f041701c105}\backuptrans iphone whatsapp transfer.exe"
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=9a7165464fbb6042b7bf811582538ae0
# end=init
# utc_time=2015-07-16 08:56:10
# local_time=2015-07-16 04:56:10 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=6.1.7601 NT Service Pack 1
 

 

 

 

My computer is running fine right now. The ads are gone and that was the biggest issue. It doesn't seem to be that slow either.


  • 0
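The ESET log in the post above reports found=3 and cleaned=0, yet every flagged file sits under a quarantine folder left by an earlier tool. As an added example (not part of the original thread and not ESET's own tooling), this Python script parses the detection lines and separates quarantined copies from files still live on disk; the field meanings (sh as file hash, vn as detection name, fn as path) and the quarantine roots are assumptions read off the log itself.

```python
import re
from pathlib import PureWindowsPath

# Assumption: quarantine roots are the two folders seen in this thread's log.
QUARANTINE_ROOTS = (
    PureWindowsPath(r"C:\AdwCleaner\Quarantine"),
    PureWindowsPath(r"C:\FRST\Quarantine"),
)

# key=value pairs; a value is either "quoted with spaces" or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Sample input: counters and detection lines copied from the ESET log above.
SAMPLE_LOG = r'''# remove_checked=false
# scanned=197625
# found=3
# cleaned=0
sh=AA0E845D8E982470A084C704CEB86BD105BC273B ft=1 fh=c71c0011f9bce422 vn="a variant of Win32/Adware.MultiPlug.JY application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PerIceMinus\PerIceMinus.exe.vir"
sh=F56585308EA38AE4FEA37B859E35162B28D4A919 ft=1 fh=c71c00115be22354 vn="a variant of Win32/Adware.MultiPlug.IX application" ac=I fn="C:\FRST\Quarantine\c\Program Files (x86)\SustainerPlus\SustainerPlus.dll"
sh=9EF723854C792F3DC3433E23C1FF5C42DB2DA0CC ft=1 fh=c71c0011102fbbd4 vn="a variant of Win32/Adware.MultiPlug.KP application" ac=I fn="C:\FRST\Quarantine\c\programdata\{6601f041-7013-da3a-6601-1f041701c105}\backuptrans iphone whatsapp transfer.exe"
'''


def parse_fields(line):
    """Split one detection line into a dict of its key=value fields."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def is_quarantined(path):
    """True if the path lies below a known quarantine root (case-insensitive)."""
    parents = PureWindowsPath(path).parents
    return any(root in parents for root in QUARANTINE_ROOTS)


def triage(log_text):
    """Return counters, parsed detections and the subset still live on disk."""
    meta, detections = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            meta[key] = value  # the log repeats its header; later blocks win
        elif line.startswith("sh="):
            fields = parse_fields(line)
            path = fields.get("fn", "")
            detections.append({
                "hash": fields.get("sh", ""),
                "name": fields.get("vn", ""),
                "path": path,
                "quarantined": is_quarantined(path),
            })
    found = int(meta.get("found", 0))
    return {
        "found": found,
        "cleaned": int(meta.get("cleaned", 0)),
        "detections": detections,
        # Files outside quarantine are the ones that still need removal.
        "live": [d for d in detections if not d["quarantined"]],
        # A truncated paste shows up as a counter/line-count disagreement.
        "count_mismatch": found != len(detections),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["detections"]:
        state = "quarantined" if d["quarantined"] else "LIVE"
        print(f'{state:11}  {d["name"]}  {d["path"]}')
    print("live detections:", len(result["live"]))
```

An empty `live` list alongside a non-zero `found` means the scanner only re-detected inert quarantine copies, which go away once the removal tools' folders are deleted.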

#10
ruggie_uk


    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, really sorry. I didn't see your reply - for some reason I must have missed the notification.

 

That's great to hear - let's clean up :)

 

 

Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that :D

Tool Removal

We need to remove the tools we've used during cleaning your machine

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings

  • Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

We need to uninstall a program
Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
Select the following programs from the list below, one at a time and click Uninstall.
  • ESET Online Scanner

Delete the following Files and Folders (If Present):
C:\Program Files (x86)\ESET
Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.



Keep your machine updated

Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


To enable automatic updates:

Windows 7
To turn on Automatic Updates yourself, follow these steps:
  • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
  • In the left pane, click Change settings.
  • Select the option that you want.
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.



It is recommended to install an anti-malware to help prevent reinfection.
Below are some free ones that can help keep you clean.

Malwarebytes AntiMalware

As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
Consider purchasing the full version for active monitoring of threats.

JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
  • For Firefox, install the NoScript add-on.
  • For Chrome, install the ScriptSafe add-on.
    -->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on.
  • Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)

If you still want to update your Java, follow the instructions below:

A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of the Java Runtime Environment (JRE) Version from Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number listed under the heading. Example: The newest update is Java SE 8u25
  • Click the "Download" button under "JRE".
  • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 8u25 heading:
    To install the version for your system:
    • For Windows 64bit systems, look for Windows x64 - 88.37MB, click the jre-8u25-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.

  • Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java
  • Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
  • Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
  • Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
    The versions I see on the computer are:
    • Java 7 Update
    • Java 8 (64-bit)
    • Java SE Development Kit 8

  • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.

C.
Install the latest JAVA

Back on your desktop:
  • Right click the  jre-8u25-windows-x64.exe file, click Run as Administrator and OK the UAC prompt to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java (it looks like a coffee cup). Double-click on Java, click the Advanced Tab, click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


Update Adobe Flash Player

NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.
  • Please click here to go to the FlashPlayer Installation page.
  • In the first column, Adobe Flash Player, make sure the system version (64bit) and the browser are correct.
    • Note: If you use IE and other browsers you will need to install both Flash Player for IE and Flash Player for Other Browsers.

  • In the middle column, Optional offer:, UNCHECK the box next to Yes, install free McAfee Security Scan Plus
  • Click the Install now button. A download window for the install_flashplayer15x64_mssd_aaa_aih.exe file will open. Save it to the desktop.
  • Close the browser and all open windows.
  • Back on the desktop, right click the install_flashplayer15x64_mssd_aaa_aih.exe file and click Run as Administrator to install Flash Player.


Cryptolocker Warning
Go here for information about CryptoLocker Ransomware.
The main thing with this infection is ~ Backup.
If you're using an external hard drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.

Recommended Programs
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
Cryptoprevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.
Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.

Adblock is a Firefox browser add-on that blocks annoying banners, pop-ups and video ads.

General Advice
  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.


  • 0





