Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Utorrent Mouse Click Sounds

utorrent malware

  • Please log in to reply

#1
daba

daba

    Member

  • Member
  • PipPipPip
  • 142 posts

Greetings Geeks,

 

Whenever I open utorrent, whether I watch a torrent or not, I hear mouse-click sounds intermittently. I'm worried that someone has hacked my computer or something. Plus, it's darned annoying. Any ideas? Thank you very much in advance for any help or feedback.

 

Daba


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #3
    daba

    daba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 142 posts

    RKinner hello,

     

    Thanks for your help. I was unable to complete the instructions because when ADWCleaner started up again, rather than opening a logfile, it bizarrely opened VLC media player - no file. The other files are below:

     

    a~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 7 Ultimate x86
    Ran by David (Administrator) on Wed 06/01/2016 at 11:44:35.86
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 308

    Failed to delete: C:\Program Files\sogouinput (Folder)
    Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
    Successfully deleted: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\extensions\{bbfec13e-8cb4-53f4-c852-999eb2a852cb}.xpi (File)
    Successfully deleted: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\searchplugins\startpage-hxxps.xml (File)
    Successfully deleted: C:\Windows\System32\Tasks\AliUpdater{BFB49972-2B22-4EB5-B8AB-3B3C56457457} (Task)
    Successfully deleted: C:\Windows\System32\Tasks\AliUpdater{DA0F475E-D2CE-41E0-A230-18FBEED57AC3} (Task)
    Successfully deleted: C:\Windows\Tasks\AliUpdater{BFB49972-2B22-4EB5-B8AB-3B3C56457457}.job (Task)
    Successfully deleted: C:\Windows\Tasks\AliUpdater{DA0F475E-D2CE-41E0-A230-18FBEED57AC3}.job (Task)
    Successfully deleted: C:\Windows\wininit.ini (File)
    Successfully deleted: C:\Program Files\alipay (Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\048WRIHH (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07XAPSXH (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08X5DCP8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09EIZO6B (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UPOKL50 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\113WBBLM (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\123ZX0K9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16CH8HN3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17Y04JX7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GOQFRO8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21D836R5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23F0V9R5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29YKJ8VD (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EV66DSP (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2GZV9J6M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S1XJNBB (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UBQ8ACP (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z7XUKU6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36OGWMZE (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D33FB59 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KOUWF2K (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N9WWSZD (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48M1IP0K (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\49JZWCV1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D6WK9T2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SRS2UVI (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FKWPZAW (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5I6UMU1M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KIG8M8E (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5QEX88 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77834XYL (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78S250VJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7HYF9SSB (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7J3CVCP9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7K707OFC (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RCLEHKV (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80L6WE1W (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83VLU425 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87E0274E (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GSP18SV (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O4A2V6T (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8S80ZX2R (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UPWQWQR (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\97J2I29B (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9H3P1U9W (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KCW713M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LFA4RU1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MDM24J8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AX1I5WVO (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2X48GQ9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7Q4762X (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA4MHSS8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHFFG90X (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJVX28ON (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLS1CD0Y (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNOG0HKC (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQI84KGM (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRB169U4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTOSFAXR (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BY5FFL74 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4S8XQEM (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRXO4AB1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CSFTWD0Y (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZVHEZNZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1N2SG1F (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E4BM29MM (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E688HFRQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EM819CHH (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ESW7E03N (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVQ3V1GW (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXFH4J30 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYOH94RH (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7H2MZMQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F9RL9TH8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3NKLKG9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8M0K1SK (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GI50WZJ7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJGISJ0K (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOD0SQ5N (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H2T5RSO8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBV4F279 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEO571N6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HN7AQEG4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGHBA171 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEDVQ0S2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEOFJLRY (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIKXBTDG (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9NX8G94 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMFCW2Z0 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQOT0YRV (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCGNF8AL (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOU5HU3Q (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LV7OI9D2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0YW2S6U (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MGDS121E (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKV59NGA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQE533F1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1P0TZK4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N345H2NR (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9ARG5VK (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFUZDVO6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NN06GOM6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSMV8V98 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NTCMVZJ9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3CR9Q52 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3P4UHZ4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OE7B0BZ3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQFSYLOU (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW9G0W2L (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDZYYG3P (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEZL5OTA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLOIUBE1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\POQ1PEFE (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PP0P0E5R (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS0SQ338 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUVFTEIA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R11U2HY2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBOGH3W3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RK7FDZUL (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SG8AJ924 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SI3J99VG (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM57F94J (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZINP3SS (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TKQ125FF (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TS96GZ7V (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL42YJ9Z (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UM1U57XE (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWG9I4GP (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXACWXMW (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1GL00LJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3RXT3KW (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5UX7YEQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCUQMQS6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDJYTEEP (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEC0YXTS (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0LXJ36B (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1VJ7RF2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDD2PDWX (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGR7IA3I (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUA8GELJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X29XPHQV (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGI7M3X7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8N1DRIX (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YI7SBM3X (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWR2GRGZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3XRLCIK (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z9YKYO2B (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZR6L17DC (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZF33K81 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\048WRIHH (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07XAPSXH (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08X5DCP8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09EIZO6B (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UPOKL50 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\113WBBLM (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\123ZX0K9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16CH8HN3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17Y04JX7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GOQFRO8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21D836R5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23F0V9R5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29YKJ8VD (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EV66DSP (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2GZV9J6M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S1XJNBB (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UBQ8ACP (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z7XUKU6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36OGWMZE (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D33FB59 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KOUWF2K (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N9WWSZD (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48M1IP0K (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\49JZWCV1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D6WK9T2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SRS2UVI (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FKWPZAW (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5I6UMU1M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KIG8M8E (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5QEX88 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77834XYL (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78S250VJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7HYF9SSB (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7J3CVCP9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7K707OFC (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RCLEHKV (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80L6WE1W (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83VLU425 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87E0274E (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GSP18SV (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O4A2V6T (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8S80ZX2R (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UPWQWQR (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\97J2I29B (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9H3P1U9W (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KCW713M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LFA4RU1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MDM24J8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AX1I5WVO (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2X48GQ9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7Q4762X (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA4MHSS8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHFFG90X (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJVX28ON (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLS1CD0Y (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNOG0HKC (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQI84KGM (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRB169U4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTOSFAXR (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BY5FFL74 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4S8XQEM (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRXO4AB1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CSFTWD0Y (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZVHEZNZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1N2SG1F (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E4BM29MM (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E688HFRQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EM819CHH (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ESW7E03N (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVQ3V1GW (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXFH4J30 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYOH94RH (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7H2MZMQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F9RL9TH8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3NKLKG9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8M0K1SK (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GI50WZJ7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJGISJ0K (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOD0SQ5N (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H2T5RSO8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBV4F279 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEO571N6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HN7AQEG4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGHBA171 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEDVQ0S2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEOFJLRY (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIKXBTDG (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9NX8G94 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMFCW2Z0 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQOT0YRV (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCGNF8AL (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOU5HU3Q (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LV7OI9D2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0YW2S6U (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MGDS121E (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKV59NGA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQE533F1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1P0TZK4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N345H2NR (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9ARG5VK (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFUZDVO6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NN06GOM6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSMV8V98 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NTCMVZJ9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3CR9Q52 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3P4UHZ4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OE7B0BZ3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQFSYLOU (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW9G0W2L (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDZYYG3P (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEZL5OTA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLOIUBE1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\POQ1PEFE (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PP0P0E5R (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS0SQ338 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUVFTEIA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R11U2HY2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBOGH3W3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RK7FDZUL (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SG8AJ924 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SI3J99VG (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM57F94J (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZINP3SS (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TKQ125FF (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TS96GZ7V (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL42YJ9Z (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UM1U57XE (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWG9I4GP (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXACWXMW (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1GL00LJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3RXT3KW (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5UX7YEQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCUQMQS6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDJYTEEP (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEC0YXTS (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0LXJ36B (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1VJ7RF2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDD2PDWX (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGR7IA3I (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUA8GELJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X29XPHQV (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGI7M3X7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8N1DRIX (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YI7SBM3X (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWR2GRGZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3XRLCIK (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z9YKYO2B (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZR6L17DC (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZF33K81 (Temporary Internet Files Folder)



    Registry: 6

    Successfully deleted: HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0 (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D324CCA8-121A-4A83-9D29-DD22139B7073} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 06/01/2016 at 11:47:48.55
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-05-2016 02
    Ran by David (administrator) on DAVID-PC (01-06-2016 11:50:33)
    Running from C:\Users\David\Desktop
    Loaded Profiles: David (Available Profiles: David)
    Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Astrill) C:\Program Files\Astrill\ASOvpnSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\Microsoft Device Health\DhMachineSvc.exe
    () C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Astrill) C:\Program Files\Astrill\ASProxy.exe
    (Alibaba Group) C:\Program Files\Alibaba\wwbizsrv\wwbizsrv.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [814608 2016-05-31] (Avira Operations GmbH & Co. KG)
    HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.)
    HKLM\...\Run: [Antirun] => G:\Antirun\antirun.exe
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
    HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [ctfmon] => C:\Windows\system32\ctfmon.exe [8704 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [TouchpadBlocker.exe] => C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe [881152 2013-04-17] (KARPOLAN)
    HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [uTorrent] => C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-17] (BitTorrent Inc.)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-05] (Microsoft Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-1483477416-240000409-50094224-1000] => Proxy is enabled.
    ProxyServer: [S-1-5-21-1483477416-240000409-50094224-1000] => http=127.0.0.1:3213;https=127.0.0.1:3213
    AutoConfigURL: [S-1-5-21-1483477416-240000409-50094224-1000] => http=127.0.0.1:3213;https=127.0.0.1:3213
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Tcpip\..\Interfaces\{0C4906D3-3EB2-4CF9-9E98-BB59F23E3143}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{2D015853-30E6-4AAC-8DDF-75E114F734F8}: [DhcpNameServer] 198.18.24.1
    Tcpip\..\Interfaces\{2E0B22CA-3CDF-4399-8F09-35325D02A04F}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{B69EE329-2CA7-4807-B85B-14C2398B23F2}: [NameServer] 221.7.128.68 221.7.136.68

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1483477416-240000409-50094224-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: ICBC Anti-Phishing class -> {BB4491A2-D11A-4c6b-91C0-B53246A3122B} -> C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll [2014-06-20] (中国工商银行)
    Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881
    FF DefaultSearchEngine: StartPage - English
    FF SearchEngineOrder.3: Bing
    FF SelectedSearchEngine: Bing
    FF Homepage: hxxp://startpage.com
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin: @icbc.com/npChromeClientBinding,ver=1.0.0.0 -> C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeClientBinding.dll [2013-12-05] (ICBC)
    FF Plugin: @icbc.com/npChromeFullScreen,ver=1.0.0.1 -> C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeFullScreen.dll [2013-12-05] (ICBC)
    FF Plugin: @icbc.com/npChromeSubmit,ver=1.0.0.3 -> C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeSubmit.dll [2016-02-24] (ICBC)
    FF Plugin: @icbc.com/npChromeXXin,ver=1.0.0.4 -> C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeXXin.dll [2016-02-25] (Industrial and Commercial Bank of China)
    FF Plugin: @icbc/icbc_ms_npClCache,Version=1.0.0.2 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClCache.dll [2014-07-29] ()
    FF Plugin: @icbc/icbc_ms_npClientBinding,Version=1.0.0.2 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClientBinding.dll [2014-07-29] ( )
    FF Plugin: @icbc/icbc_ms_npFullScreen,Version=1.0.0.2 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npFullScreen.dll [2014-07-29] ()
    FF Plugin: @icbc/icbc_ms_npsubmit,Version=1.0.0.9 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npsubmit.dll [2016-02-24] ( )
    FF Plugin: @icbc/icbc_ms_npxxin,Version=1.0.0.12 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npxxin.dll [2016-03-02] ( )
    FF Plugin: @icbc/npAssistComm,Version=1.0.0.1 -> C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\npAssistComm.dll [2013-12-17] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
    FF Plugin HKU\.DEFAULT: @alipay.com/npalicert -> C:\Windows\system32\config\systemprofile\AppData\Roaming\alipay\cf\npalicdo.dll [2014-09-03] (alipay.com)
    FF Plugin HKU\S-1-5-21-1483477416-240000409-50094224-1000: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files\AliQinTao\1.90.05U\npAliSSOLogin.dll [2016-01-22] (Alibaba software (Shanghai) Corporation.)
    FF Plugin HKU\S-1-5-21-1483477416-240000409-50094224-1000: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files\AliQinTao\1.90.05U\npwangwang.dll [2016-01-22] ( )
    FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\searchplugins\bing-.xml [2015-11-11]
    FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\searchplugins\startpage---english.xml [2015-09-06]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\startpage-https.xml [2014-04-08]
    FF Extension: Empty Cache Button - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2016-04-28]
    FF Extension: No Name - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\extensions\{bbfec13e-8cb4-53f4-c852-999eb2a852cb}.xpi [not found]
    FF Extension: TubeBuddy - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\[email protected] [2016-05-28]
    FF Extension: ICBCClrCache - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\[email protected] [2014-12-07] [not signed]
    FF Extension: Lightbeam - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\[email protected] [2016-04-30]
    FF Extension: YouTube™ Downloader Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\[email protected] [2015-12-12]
    FF Extension: Youtube Best Video Downloader 2 - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi [2016-05-12]
    FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
    FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-15] [not signed]
    FF HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WordWeb\WCaptureMoz
    FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2014-01-03] [not signed]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\npcryptokit_certenrollment_boc_plugins.js [2014-01-09]

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://search.yahoo.com/?type=937811&fr=yo-yhp-ch
    CHR StartupUrls: Default -> "hxxps://startpage.com/eng/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
    CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    CHR Plugin: (client binding plugin for fsi) - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeClientBinding.dll (ICBC)
    CHR Plugin: (full screen plugin for fsi) - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeFullScreen.dll (ICBC)
    CHR Plugin: (submit plugin for fsi) - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeSubmit.dll (ICBC)
    CHR Plugin: (npxxin input plugin for fsi) - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeXXin.dll (Industrial and Commercial Bank of China)
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
    CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Wandoujia Plugin) - C:\Program Files\WandouLabs\npWandoujiaHelper.dll => No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (npalicdo plugin) - C:\Users\David\AppData\Roaming\alipay\cf\npalicdo.dll => No File
    CHR Plugin: (Alipay Security Control 3) - C:\Windows\system32\aliedit\3.8.0.0\npAliSecCtrl.dll => No File
    CHR Plugin: (Alipay webmod control) - C:\Windows\system32\aliedit\3.8.0.0\npalidcp.dll => No File
    CHR Plugin: (Alipay security control) - C:\Windows\system32\aliedit\3.8.0.0\npaliedit.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
    CHR Plugin: (AliWangWang Plug-In For Firefox and Netscape) - C:\Program Files\AliWangWang\8.00.34C\npwangwang.dll => No File
    CHR Plugin: (iTrusChina iTrusPTA,XEnroll,iEnroll,hwPTA,UKeyInstalls Firefox Plugin) - C:\Windows\system32\itruscert\NPComBrg701.dll => No File
    CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Spotify VK Downloader) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\baggnalhgbpeanbhedjlbndhjgmimmhl [2016-05-04]
    CHR Extension: (Zhongwen: Chinese-English Dictionary) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2016-05-04]
    CHR Extension: (ICBCChromeExtension) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehjanbmddecbhgnnncapflmglinppcj [2014-08-06]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-04]
    CHR HKLM\...\Chrome\Extension: [ajmecfihhnibjmmihpecefjjckgbmedh] - C:\Program Files\ICBCEbankTools\ICBCNewChromeExtension\ICBCNewChromeExtension.crx [2015-12-01]
    CHR HKLM\...\Chrome\Extension: [ebfkjhegjojpombijlnbkmjoabfgohkb] - C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\ICBCAssistChromeExtension.crx [2015-12-01]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [lehjanbmddecbhgnnncapflmglinppcj] - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\ICBCChromeExtension.crx [2013-07-02]

    Opera:
    =======
    OPR StartupUrls: "hxxp://startpage.com/"
    OPR Extension: (AdBlock) - C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-03-04]
    OPR Extension: (AdBlock) - C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgjdldamaclconkgicdehfijmmkplcih [2015-08-25]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
    S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [970656 2016-05-31] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [467016 2016-05-31] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [467016 2016-05-31] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1435704 2016-05-31] (Avira Operations GmbH & Co. KG)
    R2 ASOVPNHelper; C:\Program Files\Astrill\ASOvpnSvc.exe [602136 2015-11-19] (Astrill)
    R3 ASProxy; C:\Program Files\Astrill\ASProxy.exe [2607640 2015-09-03] (Astrill)
    R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
    R2 DeviceHealth; C:\Program Files\Microsoft Device Health\DhMachineSvc.exe [85664 2014-06-06] ()
    R2 ICBC Daemon Service; C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe [370824 2014-06-20] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
    R2 wwbizsrv; C:\Program Files\Alibaba\wwbizsrv\wwbizsrv.exe [2159464 2015-10-22] (Alibaba Group)
    S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2014-05-21] (Advanced Micro Devices Inc.)
    R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [25856 2014-05-17] (Astrill)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [109016 2016-03-10] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137240 2016-05-31] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-24] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [60088 2016-05-31] (Avira Operations GmbH & Co. KG)
    S3 D-Vitec; C:\Windows\System32\DRIVERS\dvitdcnt.sys [281344 2012-07-26] (D-vitec)
    R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-04] () [File not signed]
    R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2014-06-23] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-30] (Almico Software)
    R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-16] (Avira Operations GmbH & Co. KG)
    R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)
    S3 catchme; \??\C:\Users\David\AppData\Local\Temp\catchme.sys [X]
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S1 qutmipc; \??\C:\Windows\system32\drivers\qutmipc.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-01 11:50 - 2016-06-01 11:51 - 00020206 _____ C:\Users\David\Desktop\FRST.txt
    2016-06-01 11:49 - 2016-06-01 11:50 - 00000000 ____D C:\FRST
    2016-06-01 11:47 - 2016-06-01 11:47 - 00051121 _____ C:\Users\David\Desktop\JRT.txt
    2016-06-01 11:35 - 2016-06-01 11:35 - 01734656 _____ (Farbar) C:\Users\David\Desktop\FRST.exe
    2016-06-01 11:28 - 2016-06-01 11:28 - 01610816 _____ (Malwarebytes) C:\Users\David\Desktop\JRT.exe
    2016-06-01 10:50 - 2016-06-01 10:53 - 00000000 ____D C:\AdwCleaner
    2016-06-01 10:45 - 2016-06-01 10:46 - 03677248 _____ C:\Users\David\Desktop\AdwCleaner.exe
    2016-05-31 17:29 - 2016-05-31 17:30 - 15799179 _____ C:\Users\David\Desktop\Black _ White Heads On Nose Part 2.mp4
    2016-05-31 17:28 - 2016-05-31 17:28 - 05114754 _____ C:\Users\David\Desktop\Infowars to enter the Heart of SJW Tyranny.mp4
    2016-05-30 18:25 - 2016-05-30 18:26 - 15957519 _____ C:\Users\David\Desktop\Nose Full Of Blackheads.mp4
    2016-05-30 16:27 - 2016-05-30 16:28 - 00026112 _____ C:\Users\David\Desktop\David (1).xls
    2016-05-27 20:25 - 2016-05-27 20:30 - 48729072 _____ C:\Users\David\Desktop\THE DUMBEST GENERATION THE SAD TRUTH THEY DONT WANT YOU TO KNOW.mp4
    2016-05-24 18:30 - 2016-05-24 18:33 - 28019641 _____ C:\Users\David\Desktop\Funny Dogs - A Funny Dog Videos Compilation 2015.mp4
    2016-05-23 22:01 - 2016-06-01 10:58 - 00000000 ____D C:\Users\David\AppData\LocalLow\uTorrent
    2016-05-18 17:35 - 2016-05-18 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2016-05-18 16:36 - 2016-06-01 10:58 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
    2016-05-16 17:35 - 2016-05-16 17:39 - 18806428 _____ C:\Users\David\Desktop\Mozart - Soundtrack - Out of Africa.mp4
    2016-05-14 08:35 - 2016-05-14 08:35 - 20381888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
    2016-05-06 12:51 - 2016-05-08 17:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-05-04 20:50 - 2016-05-04 20:50 - 00000000 ____D C:\Users\David\AppData\Roaming\Wondershare AllMyTube
    2016-05-04 20:48 - 2016-05-04 20:48 - 00000000 ____D C:\Users\David\AppData\Local\Wondershare
    2016-05-04 20:48 - 2016-05-04 20:48 - 00000000 ____D C:\Program Files\Common Files\Wondershare
    2016-05-04 20:47 - 2016-05-04 21:06 - 00000000 ____D C:\Program Files\Wondershare
    2016-05-04 20:47 - 2016-05-04 21:05 - 00000000 ____D C:\ProgramData\Wondershare AllMyTube
    2016-05-04 20:47 - 2016-05-04 20:47 - 00000000 ____D C:\ProgramData\Wondershare Application Common Data
    2016-05-04 20:45 - 2016-05-04 20:46 - 00000000 ____D C:\Users\Public\Documents\Wondershare

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-01 11:47 - 2014-08-06 10:10 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-01 11:41 - 2014-03-18 15:03 - 00000398 _____ C:\Windows\Tasks\WpsUpdateTask_David.job
    2016-06-01 11:41 - 2014-03-18 15:03 - 00000398 _____ C:\Windows\Tasks\WpsNotifyTask_David.job
    2016-06-01 11:34 - 2016-01-20 10:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-06-01 11:06 - 2016-04-28 18:53 - 00003792 _____ C:\Windows\system32\ASProxyOff.ini
    2016-06-01 11:05 - 2009-07-14 12:34 - 00021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-06-01 11:05 - 2009-07-14 12:34 - 00021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-06-01 10:59 - 2014-01-02 23:20 - 00000000 ____D C:\Users\David\AppData\Roaming\uTorrent
    2016-06-01 10:57 - 2014-08-06 10:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-01 10:56 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-01 10:55 - 2014-01-03 16:37 - 00000000 ____D C:\Program Files\Subliminal Power
    2016-05-31 16:59 - 2015-03-03 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2016-05-31 16:56 - 2015-03-03 17:14 - 00137240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
    2016-05-31 16:56 - 2015-03-03 17:14 - 00060088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
    2016-05-30 18:40 - 2014-01-10 10:43 - 00388386 _____ C:\Windows\system32\prfh0804.dat
    2016-05-30 18:40 - 2014-01-10 10:43 - 00123864 _____ C:\Windows\system32\prfc0804.dat
    2016-05-30 18:40 - 2014-01-02 22:20 - 01276504 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-05-30 18:40 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\inf
    2016-05-30 09:44 - 2015-02-09 11:20 - 00000000 ____D C:\Users\David\Downloads\Ant Videos
    2016-05-29 08:01 - 2015-08-26 13:00 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
    2016-05-25 18:04 - 2014-01-02 22:41 - 00000000 ____D C:\ProgramData\Package Cache
    2016-05-23 21:54 - 2014-01-02 22:31 - 00000000 ____D C:\Program Files\Opera
    2016-05-18 17:35 - 2014-01-03 16:53 - 00000000 ____D C:\Program Files\VideoLAN
    2016-05-18 17:19 - 2014-08-04 11:11 - 00000000 ____D C:\Users\David\Desktop\Desktopstuff
    2016-05-15 21:38 - 2014-01-02 23:40 - 00000000 ____D C:\Users\David\Documents\Calibre Library
    2016-05-14 08:35 - 2014-01-02 23:19 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-05-14 08:35 - 2014-01-02 23:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2016-05-13 07:50 - 2014-08-06 10:17 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-05-09 20:21 - 2016-04-28 18:44 - 00000000 ____D C:\Users\David\AppData\Roaming\Astrill
    2016-05-08 17:05 - 2014-01-03 10:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-05-07 19:06 - 2014-08-17 16:41 - 00000000 ____D C:\Users\David\AppData\Local\aef
    2016-05-06 17:11 - 2015-11-11 17:51 - 00000000 ____D C:\Program Files\AliQinTao
    2016-05-03 12:09 - 2015-01-31 10:28 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-05-03 08:58 - 2014-01-03 18:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-05-02 22:43 - 2016-04-30 10:05 - 00000000 ____D C:\Users\David\Downloads\Youtubes

    ==================== Files in the root of some directories =======

    2016-04-28 18:44 - 2015-05-05 11:56 - 1701390 _____ () C:\Users\David\AppData\Roaming\addr2line.exe
    2014-01-04 09:32 - 2014-06-23 21:40 - 0001078 _____ () C:\Users\David\AppData\Roaming\base64.cer
    2014-07-20 18:02 - 2014-07-22 11:31 - 1411790 _____ () C:\ProgramData\TestPreferences

    Files to move or delete:
    ====================
    C:\ProgramData\999.dat


    Some files in TEMP:
    ====================
    C:\Users\David\AppData\Local\temp\avgnt.exe
    C:\Users\David\AppData\Local\temp\libeay32.dll
    C:\Users\David\AppData\Local\temp\msvcr120.dll
    C:\Users\David\AppData\Local\temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-05-29 08:02

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:29-05-2016 02
    Ran by David (2016-06-01 11:51:30)
    Running from C:\Users\David\Desktop
    Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-01-02 12:13:05)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1483477416-240000409-50094224-500 - Administrator - Disabled)
    David (S-1-5-21-1483477416-240000409-50094224-1000 - Administrator - Enabled) => C:\Users\David
    Guest (S-1-5-21-1483477416-240000409-50094224-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1483477416-240000409-50094224-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
    7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
    Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Flash Player 21 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Alipay Cert Component 2.5.0.0 (HKU\.DEFAULT\...\AlipayCert) (Version: 2.5.0.0 - Alipay.com Co., Ltd.)
    Anki (HKLM\...\Anki) (Version:  - )
    Apple Application Support (32-bit) (HKLM\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version:  - Astrill)
    Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
    Avira Launcher (HKLM\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
    Avira Launcher (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
    Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
    calibre (HKLM\...\{50179884-9D17-4BC1-A685-3E99E55CE918}) (Version: 2.54.0 - Kovid Goyal)
    CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
    Flickr Uploadr for Windows (HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\FlickrUploadrWindows) (Version: 0.9.98.280 - Flickr)
    Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
    Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
    icbc_netbank_client_controls (HKLM\...\{93156467-FD99-4A30-9CA5-8563F4BB8DB3}) (Version: 2010.11.17.0 - ICBC)
    ICBCChromeExtension (HKLM\...\{619AF9F4-3B8F-4989-B65F-67E45D0F4AF0}) (Version: 1.0.6.0 - ICBC) <==== ATTENTION
    ICBCEBankAssist (HKLM\...\{2FEC1C6E-CA95-43CF-8597-0979DBF2F5FD}) (Version: 1.6.3.0 - Industrial and Commercial Bank of China)
    ICBCEbankPlugins (HKLM\...\{605A7036-A19C-4289-8966-760D708C33E1}) (Version: 1.0.7.0 - icbc)
    ICBCNewChromeExtension (HKLM\...\{93BEAF31-0215-489B-A7A6-9B4831C9F572}) (Version: 1.0.2.0 - ICBC) <==== ATTENTION
    iTunes (HKLM\...\{2C741651-87E0-4479-9703-6DD0D7988B84}) (Version: 12.3.2.35 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Excel 2007 Help ¸üР(KB963678) (HKLM\...\{90120000-0016-0804-0000-0000000FF1CE}_PROPLUS_{CECF0828-8F1F-4205-86B9-61683BAF0321}) (Version:  - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook 2007 Help ¸üР(KB963677) (HKLM\...\{90120000-001A-0804-0000-0000000FF1CE}_PROPLUS_{CB739C4F-6ABE-4CB2-BC90-57583893094F}) (Version:  - Microsoft)
    Microsoft Office Powerpoint 2007 Help ¸üР(KB963669) (HKLM\...\{90120000-0018-0804-0000-0000000FF1CE}_PROPLUS_{833A1F95-EEEB-47D3-B13F-3243AB2E7FA5}) (Version:  - Microsoft)
    Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Word 2007 Help ¸üР(KB963665) (HKLM\...\{90120000-001B-0804-0000-0000000FF1CE}_PROPLUS_{53A3BCC0-3278-4729-8718-D17DEC19DE48}) (Version:  - Microsoft)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
    Opera Stable 37.0.2178.43 (HKLM\...\Opera 37.0.2178.43) (Version: 37.0.2178.43 - Opera Software)
    PhotoScape (HKLM\...\PhotoScape) (Version:  - )
    QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
    Security Task Manager 1.8c (HKLM\...\Security Task Manager) (Version: 1.8c - Neuber Software)
    Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
    SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1118 - SUPERAntiSpyware.com)
    Touchpad Blocker (HKLM\...\Touchpad Blocker) (Version: 2.9 - KARPOLAN)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
    WordWeb (HKLM\...\WordWeb) (Version: 6 - WordWeb Software)
    WPS Office (9.1.0.4746) (HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)
    中国工商银行防钓鱼软件 (HKLM\...\{D8903816-37A7-4F23-8614-0246473D5CE9}) (Version: 2.2.8 - 中国工商银行)
    亲淘 (HKLM\...\亲淘) (Version:  - 阿里巴巴(中国)有限公司)
    支付宝安全控件 5.3.0.3807 (HKLM\...\alieditplus) (Version: 5.3.0.3807 - Alipay.com Co., Ltd.)
    谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version:  - Google Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{00020906-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{000209F0-0000-4b30-A977-D214852036FF}\InprocServer32 ->  => No File
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{0002CE21-0000-0000-C000-000000000046}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\ksee\EqnEdit.exe (Design Science, Inc.)
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{017CE1A6-416F-4684-AE6A-02064420B30A}\InprocServer32 -> C:\Program Files\AliQinTao\1.90.05U\AliIMSSOLogin.dll (阿里巴巴(中国)有限公司)
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{26C3F8B0-0217-46A1-AB2D-A1B494E71402}\InprocServer32 -> C:\Program Files\AliQinTao\1.90.05U\AliIMSSOLogin.dll (阿里巴巴(中国)有限公司)
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{45540001-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{45540003-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\InprocServer32 ->  => No File
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{4D4E0078-1386-4536-BD05-3E1013F17116}\InprocServer32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\oledefaulthandler.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files\AliQinTao\1.90.05U\AliIMX.dll (Alibaba software (Shanghai) Corporation.)
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}\InprocServer32 ->  => No File
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{E81FB43C-B144-4D30-8033-C9338AA0ECB8}\InprocServer32 -> C:\Program Files\AliQinTao\1.90.05U\AliIMSSOLogin.dll (阿里巴巴(中国)有限公司)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0537FEF0-7887-4533-8433-3AFCEA6BA5E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {077EC099-51A0-4190-B3D3-8BAE4BFA378E} - System32\Tasks\{6D67EFA5-C130-489A-935A-915148DC62B6} => pcalua.exe -a "I:\TOP+TIPS+音频光盘\TOP TIPS\Top Tips for IELTS Academic.exe" -d "I:\TOP+TIPS+音频光盘\TOP TIPS"
    Task: {102F9216-B08F-45E4-BF0D-6AE533CB44F7} - System32\Tasks\{B67B8CC1-F228-48B1-BA26-88B15E065A4E} => C:\Users\David\Desktop\翻墙\翻墙\lantern-installer-beta.exe
    Task: {18456E94-B31C-4BCD-8B13-DC283320E9BE} - System32\Tasks\WpsNotifyTask_David => C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-09-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
    Task: {7334C863-C12A-4CB6-9BF5-81100623DD83} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig)
    Task: {749E2F91-A6BA-4773-A965-306EB87B983F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {8837428D-F94D-4EB4-8F57-B35CC830F20B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe [2016-05-14] (Adobe Systems Incorporated)
    Task: {8D194B8A-CA11-4DB4-ACBA-3815F4B817EC} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
    Task: {8E97C2CE-D9F8-464D-A496-B6144FB4F2BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
    Task: {9040215C-0B01-4F8C-8DC1-F4A3045B0E23} - System32\Tasks\{DC26780C-3E21-410D-B5BC-4431176DA68B} => pcalua.exe -a "C:\Program Files\Clavis Sinica 5.0\Uninstall Clavis Sinica 5.0.exe" -d "H:\Seagate Dashboard 2.0\PC-201208301640\Administrator\Backup\ff4c811b-d4f6-4805-96c1-1923aeba5bfc\20131231_122040_Administrator\E\c盘程序\Clavis Sinica 5.0\Cst" -c "H:\Seagate Dashboard 2.0\PC-201208301640\Administrator\Backup (the data entry has 105 more characters).
    Task: {93131162-8B8D-46E5-A623-4873F2D3A739} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {97CA5C8A-BFEA-4278-8E2C-995A347630DE} - System32\Tasks\WpsUpdateTask_David => C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe [2016-03-22] (Zhuhai Kingsoft Office Software Co.,Ltd)
    Task: {B098A572-28DD-4F7D-99A4-DBA0A9FEB5D2} - System32\Tasks\Opera scheduled Autoupdate 1388673118 => C:\Program Files\Opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {C1181472-CB58-45D4-8C1B-97F7214C58CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
    Task: {C358ADC3-709D-4A8F-9D79-3E05470242E1} - System32\Tasks\Boot Trigger ICBC Task => C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe [2013-12-17] ()
    Task: {C67B2910-4FB0-4F20-B351-F1BCD15F2484} - System32\Tasks\Google Pinyin Daemon => C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2015-10-16] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\WpsNotifyTask_David.job => C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe
    Task: C:\Windows\Tasks\WpsUpdateTask_David.job => C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-06-06 21:36 - 2014-06-06 21:36 - 00085664 _____ () C:\Program Files\Microsoft Device Health\DhMachineSvc.exe
    2014-06-06 21:36 - 2014-06-06 21:36 - 00064672 _____ () C:\Program Files\Microsoft Device Health\Collectors\system_collector.dll
    2014-06-06 21:36 - 2014-06-06 21:36 - 00023200 _____ () C:\Program Files\Microsoft Device Health\Collectors\user_collector.dll
    2014-06-06 21:36 - 2014-06-06 21:36 - 00020640 _____ () C:\Program Files\Microsoft Device Health\Actuators\win_update_actuator.dll
    2014-06-20 17:22 - 2014-06-20 17:22 - 00370824 _____ () C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ASProxy => ""="service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxps://alipay.com
    IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxp://alipay.com
    IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxps://alisoft.com
    IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxp://alisoft.com
    IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxps://taobao.com
    IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxp://taobao.com
    IE trusted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\cfca.com.cn -> hxxp://www.cfca.com.cn
    IE trusted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\cfca.com.cn -> hxxps://www.cfca.com.cn
    IE trusted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\google.com -> hxxps://www.google.com
    IE trusted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\icbc.com.cn -> hxxps://www.icbc.com.cn
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\1-se.com -> 1-se.com

    There are 11402 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 10:04 - 2015-07-25 08:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1       localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1483477416-240000409-50094224-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 221.7.128.68 - 221.7.136.68
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wandoujia_helper.lnk => C:\Windows\pss\wandoujia_helper.lnk.Startup
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    MSCONFIG\startupreg: FlickrUploadr => "C:\Users\David\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
    MSCONFIG\startupreg: Microsoft Pinyin IME Migration => c:\progra~1\common~1\micros~1\ime12\imesc\imscmig.exe /install
    MSCONFIG\startupreg: qintao => "C:\Program Files\AliQinTao\AliQinTao.exe" /run:auto
    MSCONFIG\startupreg: QuickTime Task =>
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: uTorrent => "C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{7D08AAC0-040F-41E2-B261-F98873049CA9}C:\users\david\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\david\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{355CA210-D0AD-4C9B-A85A-CC463BA219DE}C:\users\david\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\david\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [{A513B0C2-1CB7-4A3A-8060-1645BC1A959D}] => (Allow) C:\users\david\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [{AE18DA7C-6C34-4894-A34C-2FDD1EB7C1BA}] => (Allow) C:\users\david\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [{4853FE5B-4EDF-4875-9EC7-080E1FFB7EEF}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{CC8638B0-2AD0-4805-95E9-62921D097371}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{BEA9A16F-B26B-4EA0-A0C6-6CBC1147778E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{6DD37402-3CF5-4581-85ED-14FC73AAE47A}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
    FirewallRules: [{4EED0625-61DE-454D-8002-9EA2F9A0F93C}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
    FirewallRules: [{8F7551FE-DEF8-43E6-8A37-D5B66139F8C7}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
    FirewallRules: [{8E69ACF1-D9F1-420E-99F0-4BA9C03CB10D}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
    FirewallRules: [{630BE3CA-023D-4B7D-A70C-2FD24514C234}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
    FirewallRules: [{317985DB-B63B-475D-9460-9F70A467EAB7}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
    FirewallRules: [{9CE1F0B0-17E0-4D93-BA33-5502A66C1A2B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{8E6B7A31-2763-4D25-941F-36A72747983E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{D8F698F3-07C5-4C8C-BCA7-175B5FA24E05}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{D98DF725-E5DC-4D9F-A423-B2E6BE535A8C}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [{7D52FB9E-D063-4CDE-A4B7-2C7144AB7536}] => (Allow) C:\Users\David\AppData\Local\Temp\nso8C14.tmp\Installer-10004574.exe
    FirewallRules: [{AFB7BFBC-3D7D-42DC-881E-093F423391F9}] => (Allow) C:\Users\David\AppData\Local\Temp\nso8C14.tmp\Installer-10004574.exe
    FirewallRules: [{A035916A-55D7-4D1C-BC16-9F0A2EE50177}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{25981C77-8490-49B3-9B5A-E14D379E1C42}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{192AF1AC-13A1-4CAF-9573-4C4BE4CCB226}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{A600380F-D1EC-4020-BB69-827687F4783F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{2A17B181-030C-46B1-9D45-EE9A5E634CFF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{1E1623E3-E4DD-4868-B205-0B4FDEB9FBFB}] => (Allow) C:\Program Files\Identity Cloaker\openvpnportable\app\bin\openvpn.exe
    FirewallRules: [{0A2FFDEB-0126-48D4-80C2-E0AB25A93615}] => (Allow) C:\Program Files\Identity Cloaker\Privoxy\privoxy.exe
    FirewallRules: [{C671ECB1-C6A7-480E-B2E3-8F935170D6A1}] => (Allow) C:\Program Files\Identity Cloaker\idc2.exe
    FirewallRules: [{139535FE-A1C5-47D4-A628-3E1759BDD926}] => (Allow) C:\Program Files\Identity Cloaker\Privoxy\privoxy.exe
    FirewallRules: [{1C00876D-AF04-40DA-9D86-53F815AA498D}] => (Allow) C:\Program Files\Identity Cloaker\idc2.exe
    FirewallRules: [{BC2CCCD3-FC92-4D0B-A812-DD8F9968885F}] => (Allow) C:\Program Files\Identity Cloaker\openvpnportable\app\bin\openvpn.exe
    FirewallRules: [TCP Query User{32B20F8D-E908-4178-8A06-B8D9535AC7A6}H:\seagate dashboard 2.0\pc-201208301640\administrator\backup\ff4c811b-d4f6-4805-96c1-1923aeba5bfc\20131231_122040_administrator\d\downloads\vpn live\fg732p.exe] => (Allow) H:\seagate dashboard 2.0\pc-201208301640\administrator\backup\ff4c811b-d4f6-4805-96c1-1923aeba5bfc\20131231_122040_administrator\d\downloads\vpn live\fg732p.exe
    FirewallRules: [UDP Query User{28256B38-7529-4E33-9449-986EDD04883B}H:\seagate dashboard 2.0\pc-201208301640\administrator\backup\ff4c811b-d4f6-4805-96c1-1923aeba5bfc\20131231_122040_administrator\d\downloads\vpn live\fg732p.exe] => (Allow) H:\seagate dashboard 2.0\pc-201208301640\administrator\backup\ff4c811b-d4f6-4805-96c1-1923aeba5bfc\20131231_122040_administrator\d\downloads\vpn live\fg732p.exe
    FirewallRules: [TCP Query User{797F4173-C990-438B-BAF3-57FC9EE8566A}C:\users\david\appdata\local\microsoft\windows\temporary internet files\content.ie5\o3p4uhz4\fg758p.exe] => (Allow) C:\users\david\appdata\local\microsoft\windows\temporary internet files\content.ie5\o3p4uhz4\fg758p.exe
    FirewallRules: [UDP Query User{80EE8705-6A3B-43AC-B6C8-2EFC559285C8}C:\users\david\appdata\local\microsoft\windows\temporary internet files\content.ie5\o3p4uhz4\fg758p.exe] => (Allow) C:\users\david\appdata\local\microsoft\windows\temporary internet files\content.ie5\o3p4uhz4\fg758p.exe
    FirewallRules: [{AF675EB6-C78B-440D-B8AB-E1826BE8BE21}] => (Block) C:\users\david\appdata\local\microsoft\windows\temporary internet files\content.ie5\o3p4uhz4\fg758p.exe
    FirewallRules: [{D04DE344-60F6-483C-BB04-2D22D0E0362E}] => (Block) C:\users\david\appdata\local\microsoft\windows\temporary internet files\content.ie5\o3p4uhz4\fg758p.exe
    FirewallRules: [TCP Query User{F92CAB8B-5C74-45F2-84DA-948403BABAC8}C:\program files\wondershare\youtube-downloader\allmytube.exe] => (Block) C:\program files\wondershare\youtube-downloader\allmytube.exe
    FirewallRules: [UDP Query User{D9E269F6-7793-4129-9001-0B866F363ED5}C:\program files\wondershare\youtube-downloader\allmytube.exe] => (Block) C:\program files\wondershare\youtube-downloader\allmytube.exe
    FirewallRules: [{2CE5EDEE-9897-440A-8365-6FD75F615E5E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{AA8C8186-E4DB-4958-97A6-292D7934BD6B}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{3FC0A336-6F6C-4483-9373-69EC477884A7}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe

    ==================== Restore Points =========================

    28-02-2016 19:00:48 Windows Backup
    06-03-2016 19:00:58 Windows Backup
    13-03-2016 19:00:54 Windows Backup
    16-03-2016 15:22:30 Installed Identity Cloaker
    27-03-2016 19:00:40 Windows Backup
    03-04-2016 19:01:22 Windows Backup
    05-04-2016 16:23:24 Removed Identity Cloaker
    05-04-2016 16:25:54 Installed Identity Cloaker
    06-04-2016 09:17:39 Removed Identity Cloaker
    09-04-2016 09:23:10 Installed calibre
    10-04-2016 19:00:56 Windows Backup
    17-04-2016 19:00:59 Windows Backup
    24-04-2016 19:54:05 Windows Backup
    01-05-2016 19:00:55 Windows Backup
    08-05-2016 19:53:55 Windows Backup
    15-05-2016 19:01:08 Windows Backup
    22-05-2016 19:23:38 Windows Backup
    29-05-2016 19:01:00 Windows Backup
    01-06-2016 11:44:47 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: qutmipc
    Description: qutmipc
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: qutmipc
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/01/2016 09:50:12 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iTunes.exe, version: 12.3.2.35, time stamp: 0x56739d90
    Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
    Exception code: 0xc0000005
    Fault offset: 0x0003bd41
    Faulting process id: 0x18f8
    Faulting application start time: 0xiTunes.exe0
    Faulting application path: iTunes.exe1
    Faulting module path: iTunes.exe2
    Report Id: iTunes.exe3

    Error: (06/01/2016 08:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 26860611

    Error: (06/01/2016 08:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 26860611

    Error: (06/01/2016 08:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/01/2016 08:06:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 26859504

    Error: (06/01/2016 08:06:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 26859504

    Error: (06/01/2016 08:06:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/01/2016 08:06:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 26858490

    Error: (06/01/2016 08:06:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 26858490

    Error: (06/01/2016 08:06:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (06/01/2016 11:45:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Ati External Event Utility service terminated unexpectedly.  It has done this 1 time(s).

    Error: (06/01/2016 10:57:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    qutmipc

    Error: (06/01/2016 10:56:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The LiveUpdate service failed to start due to the following error:
    %%2

    Error: (06/01/2016 10:54:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\bcmihvsrv.dll

    Error: (06/01/2016 10:54:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\bcmihvsrv.dll

    Error: (06/01/2016 10:54:28 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\bcmihvsrv.dll

    Error: (06/01/2016 10:53:32 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (06/01/2016 10:53:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The wwbizsrv service terminated unexpectedly.  It has done this 1 time(s).

    Error: (06/01/2016 10:53:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The ASProxy service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 200 milliseconds: Restart the service.

    Error: (06/01/2016 10:53:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).


    CodeIntegrity:
    ===================================
      Date: 2014-02-03 20:03:47.755
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\David\AppData\Local\Temp\0399523\kldw.exe because the set of per-page image hashes could not be found on the system.

      Date: 2014-02-03 20:03:47.241
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\David\AppData\Local\Temp\0399523\kldw.exe because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon™ 64 X2 Dual-Core Processor TK-57
    Percentage of memory in use: 39%
    Total physical RAM: 1918 MB
    Available physical RAM: 1165.03 MB
    Total Virtual: 3836.01 MB
    Available Virtual: 2717.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:97.65 GB) (Free:14.12 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:68.36 GB) (Free:42.23 GB) NTFS
    Drive e: () (Fixed) (Total:66.86 GB) (Free:24.28 GB) NTFS
    Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:371.71 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EF08263A)
    Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=135.2 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: 99C46DCD)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================


    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,001 posts
    • MVP
    Not sure what happened with ADWCLEANER.  You did save it and then right click and Run As Admin?
     
    I'm assuming that the proxy you have is legit.  Normally I remove all proxies but since it appears you are in China you probably need it.
     
    I don't see any real malware.  Just Wondershare which sneaks in riding on other programs.  I'm going to remove it and a lot of deadwood with FRST:
     
     
    Download the attached fixlist.txt to the same location as FRST
     
    Attached File  fixlist.txt   4.67KB   108 downloads
     
    Run FRST and press Fix
    A fix log will be generated please post that 
     
    Probably easiest to post each log as you get them.
     
    You have two devices that are lacking drivers.  Right click on Computer and select Manage then click on Device Manager.  View, Show Hidden Devices.  In the right pane you should see some entries with yellow flags.  Right click on each and select Properties then the Details tab.  Change the Property to Hardware IDs then click on the top entry.  (Looks something like this:  PCI\VEN_1814&DEV_3090&SUBSYS_663211AD&REV_00) and right click and Copy.  Paste that into your Reply.  Repeat for all yellow flagged devices.
     

     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     
     

    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Save the file. Attach the file to your next post.
     
     
     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
     
     
     

    Download aswMBR.exe  to your desktop.
    Right click the aswMBR.exe and Run As Admin.
    uncheck trace disk IO calls
    Change the QuickScan to C:
    Click the "Scan" button to start scan (Allow the Avast Engine download if asked)
    On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply.
     
     
     
     
     
     
     
     
     

    • 0

    #5
    daba

    daba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 142 posts

    Hi and thanks for your patience,

     

    Regarding the ADWCleaner issue, just now when I tried to save Fixlist a window opens asking me what should firefox do with this file. There were two options: the first said open with (default VLC) or save. Perhaps that explains why the logfile opened in VLC. Either way, I don't know what a preferable default file opener should be; kindly advise. Anyway I saved it to desktop and will run and post the log now.

     

    Oops! Well, when I tried to open the file it opened in VLC (as it would since that's the selected default). So then I opened it with Notepad. But I couldn't run it because it's not .exe but .txt. There was nothing to 'run'. Please help. I don't understand. Thanks and apologies for being thick.

     

    Daba

     

    PS I re-read the instruction. When you said download to the same location I understood that to mean to desktop. But perhaps it means to the FRST location: thing is I don't know how to do that. Assuming that you want me to somehow download this and put it inside FRST, how would I do that step by step please. Or is it something else entirely?


    Edited by daba, 08 June 2016 - 08:44 PM.

    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,001 posts
    • MVP

    When you download AdwCleaner make sure you click on the button that the arrow points to in the following picture.

     

    adw.jpg

     

    It's not uncommon for ads to mimic the download button so that you download something else:

     

    Since you are using Firefox, tell it Save then when the Download Arrow indicates it has completed, click on the download arrow and then on the little folder icon to the right of the file name.  (Open Containing Folder).  This will open a new window.  Right click on the downloaded file and Run As Admin.

     

    When you right click on FRST and press Fix it will only look in the same folder where FRST lives.

     

    FRST says it is Running from C:\Users\David\Desktop

    so that's where we need the FixList.txt file.  The Default for Firefox is the Downloads folder.  If you haven't changed it then download the fixlist, click on the download arrow and then on the little folder icon to the right of the file name.  (Open Containing Folder).  This will open a new window.  Right click on the downloaded file and Copy.  Now slide up to the top where you should see Desktop.  Click on it and then right click and Paste.  That should put the FixList on the desktop.

     

     


    • 0

    #7
    daba

    daba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 142 posts

    Hi,

     

    Look I'm sorry we're a bit bogged down here. You have misunderstood my issue. ADWCLeaner and the fixlist.txt are both already on my desktop: that is not the issue. The issues, as I tried to explain in my earlier response, was that the logfile which ADWCleaner generated after running it, tried to open in VLC Media Player, rather than in clipboard or something which could capture it for forwarding to you. The second isssue is that fixlist is a textfile and so I don't understand who to run it since there is seemingly nothing to run.

     

    Daba


    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,001 posts
    • MVP

    Please attach the adwcleaner log:  Click on More Reply Options, Choose File, point it at the log, Open.

    Attach This File.  That way you needn't open it.

     

    Right click on FRST.exe or FRST64.exe and Run As Admin.  When the program comes up you will see a Fix button.  Press it.  That should generate a fixlog.txt.  IF you can't open it then attach it too.


    • 0

    #9
    daba

    daba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 142 posts

    Thanks for trying to help me. I cannot attach the adwcleaner log because it does not generate. The program says it needs to restart in order to generate the logfile but then upon restart that file tries to open using VLC, which is naturally unsuitable and so the process stalls at that point. I successfully ran FRST. It automatically generated and opened a logfile upon restart in Notepad and so I can attach it but I'll paste it out of fear of somehow losing it. So quite why ADWCLeaner wants to use VLC but FRST works in Notepad I have zero clue. Thank you for your persistence.

     

    Fix result of Farbar Recovery Scan Tool (x86) Version:13-06-2016
    Ran by David (2016-06-14 10:14:02) Run:1
    Running from C:\Users\David\Desktop
    Loaded Profiles: David (Available Profiles: David)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
    FF Extension: No Name - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\extensions\{bbfec13e-8cb4-53f4-c852-999eb2a852cb}.xpi [not found]
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
    CHR Plugin: (Wandoujia Plugin) - C:\Program Files\WandouLabs\npWandoujiaHelper.dll => No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (npalicdo plugin) - C:\Users\David\AppData\Roaming\alipay\cf\npalicdo.dll => No File
    CHR Plugin: (Alipay Security Control 3) - C:\Windows\system32\aliedit\3.8.0.0\npAliSecCtrl.dll => No File
    CHR Plugin: (Alipay webmod control) - C:\Windows\system32\aliedit\3.8.0.0\npalidcp.dll => No File
    CHR Plugin: (Alipay security control) - C:\Windows\system32\aliedit\3.8.0.0\npaliedit.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
    CHR Plugin: (AliWangWang Plug-In For Firefox and Netscape) - C:\Program Files\AliWangWang\8.00.34C\npwangwang.dll => No File
    CHR Plugin: (iTrusChina iTrusPTA,XEnroll,iEnroll,hwPTA,UKeyInstalls Firefox Plugin) - C:\Windows\system32\itruscert\NPComBrg701.dll => No File
    S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
    S3 catchme; \??\C:\Users\David\AppData\Local\Temp\catchme.sys [X]
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S1 qutmipc; \??\C:\Windows\system32\drivers\qutmipc.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    2016-05-04 20:50 - 2016-05-04 20:50 - 00000000 ____D C:\Users\David\AppData\Roaming\Wondershare AllMyTube
    2016-05-04 20:48 - 2016-05-04 20:48 - 00000000 ____D C:\Users\David\AppData\Local\Wondershare
    2016-05-04 20:48 - 2016-05-04 20:48 - 00000000 ____D C:\Program Files\Common Files\Wondershare
    2016-05-04 20:47 - 2016-05-04 21:06 - 00000000 ____D C:\Program Files\Wondershare
    2016-05-04 20:47 - 2016-05-04 21:05 - 00000000 ____D C:\ProgramData\Wondershare AllMyTube
    2016-05-04 20:47 - 2016-05-04 20:47 - 00000000 ____D C:\ProgramData\Wondershare Application Common Data
    2016-05-04 20:45 - 2016-05-04 20:46 - 00000000 ____D C:\Users\Public\Documents\Wondershare
    FirewallRules: [TCP Query User{F92CAB8B-5C74-45F2-84DA-948403BABAC8}C:\program files\wondershare\youtube-downloader\allmytube.exe] => (Block) C:\program files\wondershare\youtube-downloader\allmytube.exe
    FirewallRules: [UDP Query User{D9E269F6-7793-4129-9001-0B866F363ED5}C:\program files\wondershare\youtube-downloader\allmytube.exe] => (Block) C:\program files\wondershare\youtube-downloader\allmytube.exe
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\InprocServer32 ->  => No File
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}\InprocServer32 ->  => No File













    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value removed successfully.
    C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\extensions\{bbfec13e-8cb4-53f4-c852-999eb2a852cb}.xpi => moved successfully
    C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\extensions\{bbfec13e-8cb4-53f4-c852-999eb2a852cb}.xpi => path removed successfully.
    C:\Program Files\Google\Chrome\Application\50.0.2661.94\gcswf32.dll => not found.
    C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll => not found.
    C:\Program Files\Google\Chrome\Application\50.0.2661.94\ppGoogleNaClPluginChrome.dll => not found.
    C:\Program Files\Google\Chrome\Application\50.0.2661.94\pdf.dll => not found.
    C:\Program Files\QuickTime\plugins\npqtplugin.dll => not found.
    C:\Program Files\QuickTime\plugins\npqtplugin2.dll => not found.
    C:\Program Files\QuickTime\plugins\npqtplugin3.dll => not found.
    C:\Program Files\QuickTime\plugins\npqtplugin4.dll => not found.
    C:\Program Files\QuickTime\plugins\npqtplugin5.dll => not found.
    C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll => not found.
    C:\Program Files\WandouLabs\npWandoujiaHelper.dll => not found.
    C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => moved successfully
    C:\Users\David\AppData\Roaming\alipay\cf\npalicdo.dll => not found.
    C:\Windows\system32\aliedit\3.8.0.0\npAliSecCtrl.dll => not found.
    C:\Windows\system32\aliedit\3.8.0.0\npalidcp.dll => not found.
    C:\Windows\system32\aliedit\3.8.0.0\npaliedit.dll => not found.
    C:\Program Files\Google\Chrome\Application\50.0.2661.94\pdf.dll => not found.
    C:\Program Files\AliWangWang\8.00.34C\npwangwang.dll => not found.
    C:\Windows\system32\itruscert\NPComBrg701.dll => not found.
    LiveUpdateSvc => service removed successfully.
    catchme => service removed successfully.
    massfilter => service removed successfully.
    qutmipc => service removed successfully.
    Synth3dVsc => service removed successfully.
    tsusbhub => service removed successfully.
    VGPU => service removed successfully.
    ZTEusbmdm6k => service removed successfully.
    ZTEusbnmea => service removed successfully.
    ZTEusbser6k => service removed successfully.
    C:\Users\David\AppData\Roaming\Wondershare AllMyTube => moved successfully
    C:\Users\David\AppData\Local\Wondershare => moved successfully

    "C:\Program Files\Common Files\Wondershare" folder move:

    Could not move "C:\Program Files\Common Files\Wondershare" => Scheduled to move on reboot.

    C:\Program Files\Wondershare => moved successfully
    C:\ProgramData\Wondershare AllMyTube => moved successfully
    C:\ProgramData\Wondershare Application Common Data => moved successfully
    C:\Users\Public\Documents\Wondershare => moved successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F92CAB8B-5C74-45F2-84DA-948403BABAC8}C:\program files\wondershare\youtube-downloader\allmytube.exe => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D9E269F6-7793-4129-9001-0B866F363ED5}C:\program files\wondershare\youtube-downloader\allmytube.exe => value removed successfully.
    "HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => key removed successfully.
    "HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}" => key removed successfully.
    "HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => key removed successfully.
    "HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => key removed successfully.
    "HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}" => key removed successfully.

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-06-14 10:18:45)

    C:\Program Files\Common Files\Wondershare => is moved successfully

    ==== End of Fixlog 10:18:45 ====


    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,001 posts
    • MVP

    OK.  That worked.  Continue with the rest of the instructions.  Once we are done with them I'll try to figure out what is wrong with your adwcleaner logs.


    • 0

    Advertisements


    #11
    daba

    daba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 142 posts

    Thanks for sticking with me. I'm attaching the logs that I was able to produce. I could not do this: 'Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.'  for the simple reason that  when I click on Accessories, Command Prompt does not appear in the list, it's just not there. I cannot open any of the logs because VLC is the default file opening program, so I've attached them. The ADWCleaner log does not even generate. It's there but again VLC wants to open it.

     

    PCI\VEN_1180&DEV_0843&SUBSYS_02301028&REV_12

    PCI\VEN_1180&DEV_0843&SUBSYS_02301028

    PCI\VEN_1180&DEV_0843&CC_088000

    PCI\VEN_1180&DEV_0843&CC_0880

     

     

    Attached Files


    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,001 posts
    • MVP

    The missing device is a Ricoh 5-in-1 card reader.  You can try this driver:

     

    http://support.lenov...nloads/ds014960

     

     

    Still missing the latest FRST log.  

     

    Right click on one of the logs, say JRT.txt.  Click on Open With.  Click on Choose Default Program.  Normally Notepad will be in the top under recommended programs.  First make sure there is a check in front of:

     

    Always use the select Programs to open this kind of files 

     

    Then select Notepad and OK.  If Notepad is not in the top then click on Browse and navigate to C:\Windows and find notepad.exe and click on it then Open.

     

    Now see if you can open txt files OK.


    • 0

    #13
    daba

    daba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 142 posts

    Thanks for your patience. I've installed the driver, so far the mouse is working ok, so thank you very much - I'd forgotten how much easier it was using the mouse to the touchpad. I followed your instruction re the default program. Weird thing is that Notepad was already pre-selected as the default and 'Always use the select Programs to open this kind of files' was already checked. I was, however, able to open the txt files and include the missing FRST. Hope it's the right one and that it's ok. After sending this, I'll have another try with ADWCleaner. Thank you.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2016 01
    Ran by David (administrator) on DAVID-PC (22-06-2016 11:02:19)
    Running from C:\Users\David\Desktop
    Loaded Profiles: David (Available Profiles: David)
    Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Astrill) C:\Program Files\Astrill\ASOvpnSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\Microsoft Device Health\DhMachineSvc.exe
    () C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
    (Alibaba Group) C:\Program Files\Alibaba\wwbizsrv\wwbizsrv.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (KARPOLAN) C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe
    (Google Inc.) C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
    () C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
    (Astrill) C:\Program Files\Astrill\astrill.exe
    (Astrill) C:\Program Files\Astrill\ASProxy.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [814608 2016-05-31] (Avira Operations GmbH & Co. KG)
    HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-19] (Avira Operations GmbH & Co. KG)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.)
    HKLM\...\Run: [Antirun] => G:\Antirun\antirun.exe
    HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [ctfmon] => C:\Windows\system32\ctfmon.exe [8704 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [TouchpadBlocker.exe] => C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe [881152 2013-04-17] (KARPOLAN)
    HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [uTorrent] => C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-17] (BitTorrent Inc.)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-05] (Microsoft Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-1483477416-240000409-50094224-1000] => Proxy is enabled.
    ProxyServer: [S-1-5-21-1483477416-240000409-50094224-1000] => http=127.0.0.1:3213;https=127.0.0.1:3213
    AutoConfigURL: [S-1-5-21-1483477416-240000409-50094224-1000] => http=127.0.0.1:3213;https=127.0.0.1:3213
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{0C4906D3-3EB2-4CF9-9E98-BB59F23E3143}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{2D015853-30E6-4AAC-8DDF-75E114F734F8}: [DhcpNameServer] 198.18.24.1
    Tcpip\..\Interfaces\{2E0B22CA-3CDF-4399-8F09-35325D02A04F}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{B69EE329-2CA7-4807-B85B-14C2398B23F2}: [NameServer] 221.7.128.68 221.7.136.68
    ManualProxies: 1http=127.0.0.1:3213;https=127.0.0.1:3213

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1483477416-240000409-50094224-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1483477416-240000409-50094224-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: ICBC Anti-Phishing class -> {BB4491A2-D11A-4c6b-91C0-B53246A3122B} -> C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll [2014-06-20] (中国工商银行)
    Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881
    FF DefaultSearchEngine: StartPage - English
    FF SearchEngineOrder.3: Bing
    FF SelectedSearchEngine: Bing
    FF Homepage: hxxp://startpage.com
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-18] ()
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin: @icbc.com/npChromeClientBinding,ver=1.0.0.0 -> C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeClientBinding.dll [2013-12-05] (ICBC)
    FF Plugin: @icbc.com/npChromeFullScreen,ver=1.0.0.1 -> C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeFullScreen.dll [2013-12-05] (ICBC)
    FF Plugin: @icbc.com/npChromeSubmit,ver=1.0.0.3 -> C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeSubmit.dll [2016-02-24] (ICBC)
    FF Plugin: @icbc.com/npChromeXXin,ver=1.0.0.4 -> C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeXXin.dll [2016-02-25] (Industrial and Commercial Bank of China)
    FF Plugin: @icbc/icbc_ms_npClCache,Version=1.0.0.2 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClCache.dll [2014-07-29] ()
    FF Plugin: @icbc/icbc_ms_npClientBinding,Version=1.0.0.2 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClientBinding.dll [2014-07-29] ( )
    FF Plugin: @icbc/icbc_ms_npFullScreen,Version=1.0.0.2 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npFullScreen.dll [2014-07-29] ()
    FF Plugin: @icbc/icbc_ms_npsubmit,Version=1.0.0.9 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npsubmit.dll [2016-02-24] ( )
    FF Plugin: @icbc/icbc_ms_npxxin,Version=1.0.0.12 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npxxin.dll [2016-03-02] ( )
    FF Plugin: @icbc/npAssistComm,Version=1.0.0.1 -> C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\npAssistComm.dll [2013-12-17] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
    FF Plugin HKU\.DEFAULT: @alipay.com/npalicert -> C:\Windows\system32\config\systemprofile\AppData\Roaming\alipay\cf\npalicdo.dll [2014-09-03] (alipay.com)
    FF Plugin HKU\S-1-5-21-1483477416-240000409-50094224-1000: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files\AliQinTao\1.90.05U\npAliSSOLogin.dll [2016-01-22] (Alibaba software (Shanghai) Corporation.)
    FF Plugin HKU\S-1-5-21-1483477416-240000409-50094224-1000: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files\AliQinTao\1.90.05U\npwangwang.dll [2016-01-22] ( )
    FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\searchplugins\bing-.xml [2015-11-11]
    FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\searchplugins\startpage---english.xml [2015-09-06]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\startpage-https.xml [2014-04-08]
    FF Extension: Empty Cache Button - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2016-04-28]
    FF Extension: Zhong Wen - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\extensions\{bbfec13e-8cb4-53f4-c852-999eb2a852cb}.xpi [2016-06-14]
    FF Extension: Youtube Downloader - 4K Download - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\extensions\[email protected] [2016-06-20]
    FF Extension: TubeBuddy - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\[email protected] [2016-06-18]
    FF Extension: ICBCClrCache - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\[email protected] [2014-12-07] [not signed]
    FF Extension: Lightbeam - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\[email protected] [2016-04-30]
    FF Extension: YouTube™ Downloader Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\[email protected] [2015-12-12]
    FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
    FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-15] [not signed]
    FF HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WordWeb\WCaptureMoz
    FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2014-01-03] [not signed]

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://search.yahoo.com/?type=937811&fr=yo-yhp-ch
    CHR StartupUrls: Default -> "hxxps://startpage.com/eng/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
    CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    CHR Plugin: (client binding plugin for fsi) - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeClientBinding.dll (ICBC)
    CHR Plugin: (full screen plugin for fsi) - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeFullScreen.dll (ICBC)
    CHR Plugin: (submit plugin for fsi) - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeSubmit.dll (ICBC)
    CHR Plugin: (npxxin input plugin for fsi) - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeXXin.dll (Industrial and Commercial Bank of China)
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
    CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Wandoujia Plugin) - C:\Program Files\WandouLabs\npWandoujiaHelper.dll => No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
    CHR Plugin: (npalicdo plugin) - C:\Users\David\AppData\Roaming\alipay\cf\npalicdo.dll => No File
    CHR Plugin: (Alipay Security Control 3) - C:\Windows\system32\aliedit\3.8.0.0\npAliSecCtrl.dll => No File
    CHR Plugin: (Alipay webmod control) - C:\Windows\system32\aliedit\3.8.0.0\npalidcp.dll => No File
    CHR Plugin: (Alipay security control) - C:\Windows\system32\aliedit\3.8.0.0\npaliedit.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
    CHR Plugin: (AliWangWang Plug-In For Firefox and Netscape) - C:\Program Files\AliWangWang\8.00.34C\npwangwang.dll => No File
    CHR Plugin: (iTrusChina iTrusPTA,XEnroll,iEnroll,hwPTA,UKeyInstalls Firefox Plugin) - C:\Windows\system32\itruscert\NPComBrg701.dll => No File
    CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Spotify VK Downloader) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\baggnalhgbpeanbhedjlbndhjgmimmhl [2016-05-04]
    CHR Extension: (Zhongwen: Chinese-English Dictionary) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2016-05-04]
    CHR Extension: (ICBCChromeExtension) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehjanbmddecbhgnnncapflmglinppcj [2014-08-06]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-04]
    CHR HKLM\...\Chrome\Extension: [ajmecfihhnibjmmihpecefjjckgbmedh] - C:\Program Files\ICBCEbankTools\ICBCNewChromeExtension\ICBCNewChromeExtension.crx [2015-12-01]
    CHR HKLM\...\Chrome\Extension: [ebfkjhegjojpombijlnbkmjoabfgohkb] - C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\ICBCAssistChromeExtension.crx [2015-12-01]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [lehjanbmddecbhgnnncapflmglinppcj] - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\ICBCChromeExtension.crx [2013-07-02]

    Opera:
    =======
    OPR StartupUrls: "hxxp://startpage.com/"
    OPR Extension: (AdBlock) - C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-03-04]
    OPR Extension: (AdBlock) - C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgjdldamaclconkgicdehfijmmkplcih [2015-08-25]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
    S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [970656 2016-05-31] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [467016 2016-05-31] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [467016 2016-05-31] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1435704 2016-05-31] (Avira Operations GmbH & Co. KG)
    R2 ASOVPNHelper; C:\Program Files\Astrill\ASOvpnSvc.exe [602136 2015-11-19] (Astrill)
    R3 ASProxy; C:\Program Files\Astrill\ASProxy.exe [2607640 2015-09-03] (Astrill)
    R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [285176 2016-05-19] (Avira Operations GmbH & Co. KG)
    R2 DeviceHealth; C:\Program Files\Microsoft Device Health\DhMachineSvc.exe [85664 2014-06-06] ()
    R2 ICBC Daemon Service; C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe [370824 2014-06-20] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
    R2 wwbizsrv; C:\Program Files\Alibaba\wwbizsrv\wwbizsrv.exe [2159464 2015-10-22] (Alibaba Group)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2014-05-21] (Advanced Micro Devices Inc.)
    R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [25856 2014-05-17] (Astrill)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [109016 2016-03-10] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137240 2016-05-31] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-24] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [60088 2016-05-31] (Avira Operations GmbH & Co. KG)
    S3 D-Vitec; C:\Windows\System32\DRIVERS\dvitdcnt.sys [281344 2012-07-26] (D-vitec)
    R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-04] () [File not signed]
    R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2014-06-23] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-30] (Almico Software)
    R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-16] (Avira Operations GmbH & Co. KG)
    R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-22 11:02 - 2016-06-22 11:03 - 00019942 _____ C:\Users\David\Desktop\FRST.txt
    2016-06-22 11:02 - 2016-06-22 11:02 - 00000000 ____D C:\Users\David\Desktop\FRST-OlderVersion
    2016-06-21 13:02 - 2016-06-22 10:55 - 00019456 _____ C:\Users\David\Desktop\DavidL.xls
    2016-06-21 09:08 - 2016-06-21 19:11 - 00000000 ____D C:\Users\David\Desktop\Kidssinging
    2016-06-20 11:11 - 2016-06-20 11:11 - 03703360 _____ C:\Users\David\Desktop\AdwCleaner.exe
    2016-06-20 11:11 - 2016-06-20 11:11 - 00004786 _____ C:\Users\David\Desktop\fixlist.txt
    2016-06-20 11:10 - 2016-06-20 11:10 - 01610816 _____ (Malwarebytes) C:\Users\David\Desktop\JRT.exe
    2016-06-20 11:09 - 2016-06-22 11:02 - 01738240 _____ (Farbar) C:\Users\David\Desktop\FRST.exe
    2016-06-16 10:28 - 2016-06-16 10:34 - 97844560 _____ (Kaspersky Lab ZAO) C:\Users\David\Desktop\KVRT.exe
    2016-06-11 11:26 - 2016-06-11 11:26 - 00000000 ____D C:\Users\David\AppData\Local\ESET
    2016-06-11 10:35 - 2016-06-11 10:35 - 00001061 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-06-11 10:30 - 2016-06-11 10:30 - 00242136 _____ C:\Users\David\Downloads\Firefox Setup Stub 47.0.exe
    2016-06-10 10:25 - 2016-06-11 10:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-06-01 11:49 - 2016-06-22 11:02 - 00000000 ____D C:\FRST
    2016-06-01 10:50 - 2016-06-20 11:15 - 00000000 ____D C:\AdwCleaner

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-22 10:51 - 2009-07-14 12:34 - 00021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-06-22 10:51 - 2009-07-14 12:34 - 00021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-06-22 10:47 - 2014-08-06 10:10 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-22 10:46 - 2014-01-02 23:20 - 00000000 ____D C:\Users\David\AppData\Roaming\uTorrent
    2016-06-22 10:45 - 2014-01-02 22:31 - 00000000 ____D C:\Program Files\Opera
    2016-06-22 10:42 - 2016-04-28 18:53 - 00003792 _____ C:\Windows\system32\ASProxyOff.ini
    2016-06-22 10:41 - 2014-03-18 15:03 - 00000398 _____ C:\Windows\Tasks\WpsUpdateTask_David.job
    2016-06-22 10:41 - 2014-03-18 15:03 - 00000398 _____ C:\Windows\Tasks\WpsNotifyTask_David.job
    2016-06-22 10:40 - 2014-08-06 10:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-22 10:39 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-21 22:34 - 2016-01-20 10:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-06-21 22:26 - 2016-05-18 16:36 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
    2016-06-20 16:20 - 2014-01-10 10:43 - 00388386 _____ C:\Windows\system32\prfh0804.dat
    2016-06-20 16:20 - 2014-01-10 10:43 - 00123864 _____ C:\Windows\system32\prfc0804.dat
    2016-06-20 16:20 - 2014-01-02 22:20 - 01276504 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-06-20 16:20 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\inf
    2016-06-20 11:17 - 2014-01-03 16:37 - 00000000 ____D C:\Program Files\Subliminal Power
    2016-06-19 08:01 - 2015-08-26 13:00 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
    2016-06-18 23:41 - 2014-01-02 23:19 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-06-18 23:41 - 2014-01-02 23:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2016-06-18 08:14 - 2014-08-06 10:17 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-06-17 10:15 - 2015-02-09 11:20 - 00000000 ____D C:\Users\David\Downloads\Ant Videos
    2016-06-12 09:44 - 2014-01-03 10:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-06-12 02:23 - 2016-04-28 18:44 - 00000000 ____D C:\Users\David\AppData\Roaming\Astrill
    2016-06-12 02:23 - 2015-06-01 20:14 - 00000000 ___SD C:\Windows\system32\GWX
    2016-06-12 02:23 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\registration
    2016-06-11 22:07 - 2014-01-02 22:41 - 00000000 ____D C:\ProgramData\Package Cache
    2016-06-11 22:06 - 2015-03-03 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2016-06-11 10:52 - 2015-01-31 10:28 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-06-11 10:35 - 2014-01-03 10:11 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-06-11 10:24 - 2014-01-02 20:13 - 00000000 ____D C:\Users\David
    2016-06-04 08:19 - 2014-01-03 18:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-05-31 16:56 - 2015-03-03 17:14 - 00137240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
    2016-05-31 16:56 - 2015-03-03 17:14 - 00060088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

    ==================== Files in the root of some directories =======

    2016-04-28 18:44 - 2015-05-05 11:56 - 1701390 _____ () C:\Users\David\AppData\Roaming\addr2line.exe
    2014-01-04 09:32 - 2014-06-23 21:40 - 0001078 _____ () C:\Users\David\AppData\Roaming\base64.cer
    2014-07-20 18:02 - 2014-07-22 11:31 - 1411790 _____ () C:\ProgramData\TestPreferences

    Files to move or delete:
    ====================
    C:\ProgramData\999.dat


    Some files in TEMP:
    ====================
    C:\Users\David\AppData\Local\temp\avgnt.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-06-21 17:23

    ==================== End of FRST.txt ============================


    • 0

    #14
    daba

    daba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 142 posts

    This time ADWCleaner generated a log....yet I promise you I didn't touch the settings at all, nothing! How do you explain that? Anyway, here it is:

    # AdwCleaner v5.201 - Logfile created 03/07/2016 at 10:06:43
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-07-01.1 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (X86)
    # Username : David - DAVID-PC
    # Running from : C:\Users\David\Desktop\adwcleaner_5.201.exe
    # Option : Clean
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\extensions\[email protected]

    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\360Chrome

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [3422 bytes] - [01/06/2016 10:53:08]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1405 bytes] - [12/06/2016 09:42:06]
    C:\AdwCleaner\AdwCleaner[C3].txt - [1379 bytes] - [14/06/2016 10:00:35]
    C:\AdwCleaner\AdwCleaner[C4].txt - [1528 bytes] - [20/06/2016 11:15:05]
    C:\AdwCleaner\AdwCleaner[C5].txt - [1206 bytes] - [03/07/2016 10:06:43]
    C:\AdwCleaner\AdwCleaner[S1].txt - [3445 bytes] - [01/06/2016 10:50:36]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1225 bytes] - [11/06/2016 11:14:03]
    C:\AdwCleaner\AdwCleaner[S3].txt - [1211 bytes] - [14/06/2016 09:58:15]
    C:\AdwCleaner\AdwCleaner[S4].txt - [1360 bytes] - [20/06/2016 11:13:27]
    C:\AdwCleaner\AdwCleaner[S5].txt - [1629 bytes] - [03/07/2016 10:03:09]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [1644 bytes] ##########
     


    • 0

    #15
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,001 posts
    • MVP

    Sometimes going in like we did will rewrite the correct info in the registry.

     

    Try uninstalling Touchpad Blocker.  If you are using a real mouse you don't need it and I've never seen it before.

     

    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
    Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
    File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
    (It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)

    • 0






    Similar Topics


    Also tagged with one or more of these keywords: utorrent, malware

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP