RKinner hello,
Thanks for your help. I was unable to complete the instructions because when ADWCleaner started up again, rather than opening a logfile, it bizarrely opened VLC media player - no file. The other files are below:
a~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x86
Ran by David (Administrator) on Wed 06/01/2016 at 11:44:35.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 308
Failed to delete: C:\Program Files\sogouinput (Folder)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\extensions\{bbfec13e-8cb4-53f4-c852-999eb2a852cb}.xpi (File)
Successfully deleted: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\searchplugins\startpage-hxxps.xml (File)
Successfully deleted: C:\Windows\System32\Tasks\AliUpdater{BFB49972-2B22-4EB5-B8AB-3B3C56457457} (Task)
Successfully deleted: C:\Windows\System32\Tasks\AliUpdater{DA0F475E-D2CE-41E0-A230-18FBEED57AC3} (Task)
Successfully deleted: C:\Windows\Tasks\AliUpdater{BFB49972-2B22-4EB5-B8AB-3B3C56457457}.job (Task)
Successfully deleted: C:\Windows\Tasks\AliUpdater{DA0F475E-D2CE-41E0-A230-18FBEED57AC3}.job (Task)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files\alipay (Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\048WRIHH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07XAPSXH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08X5DCP8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09EIZO6B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UPOKL50 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\113WBBLM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\123ZX0K9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16CH8HN3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17Y04JX7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GOQFRO8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21D836R5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23F0V9R5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29YKJ8VD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EV66DSP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2GZV9J6M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S1XJNBB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UBQ8ACP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z7XUKU6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36OGWMZE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D33FB59 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KOUWF2K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N9WWSZD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48M1IP0K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\49JZWCV1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D6WK9T2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SRS2UVI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FKWPZAW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5I6UMU1M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KIG8M8E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5QEX88 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77834XYL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78S250VJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7HYF9SSB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7J3CVCP9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7K707OFC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RCLEHKV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80L6WE1W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83VLU425 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87E0274E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GSP18SV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O4A2V6T (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8S80ZX2R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UPWQWQR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\97J2I29B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9H3P1U9W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KCW713M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LFA4RU1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MDM24J8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AX1I5WVO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2X48GQ9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7Q4762X (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA4MHSS8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHFFG90X (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJVX28ON (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLS1CD0Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNOG0HKC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQI84KGM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRB169U4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTOSFAXR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BY5FFL74 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4S8XQEM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRXO4AB1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CSFTWD0Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZVHEZNZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1N2SG1F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E4BM29MM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E688HFRQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EM819CHH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ESW7E03N (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVQ3V1GW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXFH4J30 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYOH94RH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7H2MZMQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F9RL9TH8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3NKLKG9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8M0K1SK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GI50WZJ7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJGISJ0K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOD0SQ5N (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H2T5RSO8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBV4F279 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEO571N6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HN7AQEG4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGHBA171 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEDVQ0S2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEOFJLRY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIKXBTDG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9NX8G94 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMFCW2Z0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQOT0YRV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCGNF8AL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOU5HU3Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LV7OI9D2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0YW2S6U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MGDS121E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKV59NGA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQE533F1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1P0TZK4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N345H2NR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9ARG5VK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFUZDVO6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NN06GOM6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSMV8V98 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NTCMVZJ9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3CR9Q52 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3P4UHZ4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OE7B0BZ3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQFSYLOU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW9G0W2L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDZYYG3P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEZL5OTA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLOIUBE1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\POQ1PEFE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PP0P0E5R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS0SQ338 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUVFTEIA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R11U2HY2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBOGH3W3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RK7FDZUL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SG8AJ924 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SI3J99VG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM57F94J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZINP3SS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TKQ125FF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TS96GZ7V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL42YJ9Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UM1U57XE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWG9I4GP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXACWXMW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1GL00LJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3RXT3KW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5UX7YEQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCUQMQS6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDJYTEEP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEC0YXTS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0LXJ36B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1VJ7RF2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDD2PDWX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGR7IA3I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUA8GELJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X29XPHQV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGI7M3X7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8N1DRIX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YI7SBM3X (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWR2GRGZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3XRLCIK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z9YKYO2B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZR6L17DC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZF33K81 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\048WRIHH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07XAPSXH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08X5DCP8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09EIZO6B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UPOKL50 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\113WBBLM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\123ZX0K9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16CH8HN3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17Y04JX7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GOQFRO8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21D836R5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23F0V9R5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29YKJ8VD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EV66DSP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2GZV9J6M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S1XJNBB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UBQ8ACP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z7XUKU6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36OGWMZE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D33FB59 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KOUWF2K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N9WWSZD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48M1IP0K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\49JZWCV1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D6WK9T2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SRS2UVI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FKWPZAW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5I6UMU1M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KIG8M8E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5QEX88 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77834XYL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78S250VJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7HYF9SSB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7J3CVCP9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7K707OFC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RCLEHKV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80L6WE1W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83VLU425 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87E0274E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GSP18SV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O4A2V6T (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8S80ZX2R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UPWQWQR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\97J2I29B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9H3P1U9W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KCW713M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LFA4RU1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MDM24J8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AX1I5WVO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2X48GQ9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7Q4762X (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA4MHSS8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHFFG90X (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJVX28ON (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLS1CD0Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNOG0HKC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQI84KGM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRB169U4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTOSFAXR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BY5FFL74 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4S8XQEM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRXO4AB1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CSFTWD0Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZVHEZNZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1N2SG1F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E4BM29MM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E688HFRQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EM819CHH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ESW7E03N (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVQ3V1GW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXFH4J30 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYOH94RH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7H2MZMQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F9RL9TH8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3NKLKG9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8M0K1SK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GI50WZJ7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJGISJ0K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOD0SQ5N (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H2T5RSO8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBV4F279 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEO571N6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HN7AQEG4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGHBA171 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEDVQ0S2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEOFJLRY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIKXBTDG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9NX8G94 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMFCW2Z0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQOT0YRV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCGNF8AL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOU5HU3Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LV7OI9D2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0YW2S6U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MGDS121E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKV59NGA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQE533F1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1P0TZK4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N345H2NR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9ARG5VK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFUZDVO6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NN06GOM6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSMV8V98 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NTCMVZJ9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3CR9Q52 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3P4UHZ4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OE7B0BZ3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQFSYLOU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW9G0W2L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDZYYG3P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEZL5OTA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLOIUBE1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\POQ1PEFE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PP0P0E5R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS0SQ338 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUVFTEIA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R11U2HY2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBOGH3W3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RK7FDZUL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SG8AJ924 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SI3J99VG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM57F94J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZINP3SS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TKQ125FF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TS96GZ7V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL42YJ9Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UM1U57XE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWG9I4GP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXACWXMW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1GL00LJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3RXT3KW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5UX7YEQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCUQMQS6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDJYTEEP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEC0YXTS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0LXJ36B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1VJ7RF2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDD2PDWX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGR7IA3I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUA8GELJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X29XPHQV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGI7M3X7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8N1DRIX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YI7SBM3X (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWR2GRGZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3XRLCIK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z9YKYO2B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZR6L17DC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZF33K81 (Temporary Internet Files Folder)
Registry: 6
Successfully deleted: HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0 (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D324CCA8-121A-4A83-9D29-DD22139B7073} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/01/2016 at 11:47:48.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-05-2016 02
Ran by David (administrator) on DAVID-PC (01-06-2016 11:50:33)
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Astrill) C:\Program Files\Astrill\ASOvpnSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Microsoft Device Health\DhMachineSvc.exe
() C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Astrill) C:\Program Files\Astrill\ASProxy.exe
(Alibaba Group) C:\Program Files\Alibaba\wwbizsrv\wwbizsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [814608 2016-05-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.)
HKLM\...\Run: [Antirun] => G:\Antirun\antirun.exe
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [ctfmon] => C:\Windows\system32\ctfmon.exe [8704 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [TouchpadBlocker.exe] => C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe [881152 2013-04-17] (KARPOLAN)
HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [uTorrent] => C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-17] (BitTorrent Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-05] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-1483477416-240000409-50094224-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-1483477416-240000409-50094224-1000] => http=127.0.0.1:3213;https=127.0.0.1:3213
AutoConfigURL: [S-1-5-21-1483477416-240000409-50094224-1000] => http=127.0.0.1:3213;https=127.0.0.1:3213
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\..\Interfaces\{0C4906D3-3EB2-4CF9-9E98-BB59F23E3143}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2D015853-30E6-4AAC-8DDF-75E114F734F8}: [DhcpNameServer] 198.18.24.1
Tcpip\..\Interfaces\{2E0B22CA-3CDF-4399-8F09-35325D02A04F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B69EE329-2CA7-4807-B85B-14C2398B23F2}: [NameServer] 221.7.128.68 221.7.136.68
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1483477416-240000409-50094224-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ICBC Anti-Phishing class -> {BB4491A2-D11A-4c6b-91C0-B53246A3122B} -> C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll [2014-06-20] (中国工商银行)
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - No File
FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881
FF DefaultSearchEngine: StartPage - English
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://startpage.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @icbc.com/npChromeClientBinding,ver=1.0.0.0 -> C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeClientBinding.dll [2013-12-05] (ICBC)
FF Plugin: @icbc.com/npChromeFullScreen,ver=1.0.0.1 -> C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeFullScreen.dll [2013-12-05] (ICBC)
FF Plugin: @icbc.com/npChromeSubmit,ver=1.0.0.3 -> C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeSubmit.dll [2016-02-24] (ICBC)
FF Plugin: @icbc.com/npChromeXXin,ver=1.0.0.4 -> C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeXXin.dll [2016-02-25] (Industrial and Commercial Bank of China)
FF Plugin: @icbc/icbc_ms_npClCache,Version=1.0.0.2 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClCache.dll [2014-07-29] ()
FF Plugin: @icbc/icbc_ms_npClientBinding,Version=1.0.0.2 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClientBinding.dll [2014-07-29] ( )
FF Plugin: @icbc/icbc_ms_npFullScreen,Version=1.0.0.2 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npFullScreen.dll [2014-07-29] ()
FF Plugin: @icbc/icbc_ms_npsubmit,Version=1.0.0.9 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npsubmit.dll [2016-02-24] ( )
FF Plugin: @icbc/icbc_ms_npxxin,Version=1.0.0.12 -> C:\Program Files\ICBCEbankTools\FirefoxPlugins\npxxin.dll [2016-03-02] ( )
FF Plugin: @icbc/npAssistComm,Version=1.0.0.1 -> C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\npAssistComm.dll [2013-12-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin HKU\.DEFAULT: @alipay.com/npalicert -> C:\Windows\system32\config\systemprofile\AppData\Roaming\alipay\cf\npalicdo.dll [2014-09-03] (alipay.com)
FF Plugin HKU\S-1-5-21-1483477416-240000409-50094224-1000: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files\AliQinTao\1.90.05U\npAliSSOLogin.dll [2016-01-22] (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-1483477416-240000409-50094224-1000: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files\AliQinTao\1.90.05U\npwangwang.dll [2016-01-22] ( )
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\searchplugins\bing-.xml [2015-11-11]
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\searchplugins\startpage---english.xml [2015-09-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\startpage-https.xml [2014-04-08]
FF Extension: Empty Cache Button - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2016-04-28]
FF Extension: No Name - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\extensions\{bbfec13e-8cb4-53f4-c852-999eb2a852cb}.xpi [not found]
FF Extension: TubeBuddy - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\[email protected] [2016-05-28]
FF Extension: ICBCClrCache - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\[email protected] [2014-12-07] [not signed]
FF Extension: Lightbeam - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\[email protected] [2016-04-30]
FF Extension: YouTube™ Downloader Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\[email protected] [2015-12-12]
FF Extension: Youtube Best Video Downloader 2 - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi [2016-05-12]
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\towcca1s.default-1416752358881\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-15] [not signed]
FF HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2014-01-03] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\npcryptokit_certenrollment_boc_plugins.js [2014-01-09]
Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=937811&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://startpage.com/eng/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (client binding plugin for fsi) - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeClientBinding.dll (ICBC)
CHR Plugin: (full screen plugin for fsi) - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeFullScreen.dll (ICBC)
CHR Plugin: (submit plugin for fsi) - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeSubmit.dll (ICBC)
CHR Plugin: (npxxin input plugin for fsi) - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeXXin.dll (Industrial and Commercial Bank of China)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Wandoujia Plugin) - C:\Program Files\WandouLabs\npWandoujiaHelper.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (npalicdo plugin) - C:\Users\David\AppData\Roaming\alipay\cf\npalicdo.dll => No File
CHR Plugin: (Alipay Security Control 3) - C:\Windows\system32\aliedit\3.8.0.0\npAliSecCtrl.dll => No File
CHR Plugin: (Alipay webmod control) - C:\Windows\system32\aliedit\3.8.0.0\npalidcp.dll => No File
CHR Plugin: (Alipay security control) - C:\Windows\system32\aliedit\3.8.0.0\npaliedit.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
CHR Plugin: (AliWangWang Plug-In For Firefox and Netscape) - C:\Program Files\AliWangWang\8.00.34C\npwangwang.dll => No File
CHR Plugin: (iTrusChina iTrusPTA,XEnroll,iEnroll,hwPTA,UKeyInstalls Firefox Plugin) - C:\Windows\system32\itruscert\NPComBrg701.dll => No File
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Spotify VK Downloader) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\baggnalhgbpeanbhedjlbndhjgmimmhl [2016-05-04]
CHR Extension: (Zhongwen: Chinese-English Dictionary) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2016-05-04]
CHR Extension: (ICBCChromeExtension) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehjanbmddecbhgnnncapflmglinppcj [2014-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-04]
CHR HKLM\...\Chrome\Extension: [ajmecfihhnibjmmihpecefjjckgbmedh] - C:\Program Files\ICBCEbankTools\ICBCNewChromeExtension\ICBCNewChromeExtension.crx [2015-12-01]
CHR HKLM\...\Chrome\Extension: [ebfkjhegjojpombijlnbkmjoabfgohkb] - C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\ICBCAssistChromeExtension.crx [2015-12-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lehjanbmddecbhgnnncapflmglinppcj] - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\ICBCChromeExtension.crx [2013-07-02]
Opera:
=======
OPR StartupUrls: "hxxp://startpage.com/"
OPR Extension: (AdBlock) - C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-03-04]
OPR Extension: (AdBlock) - C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgjdldamaclconkgicdehfijmmkplcih [2015-08-25]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [970656 2016-05-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [467016 2016-05-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [467016 2016-05-31] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1435704 2016-05-31] (Avira Operations GmbH & Co. KG)
R2 ASOVPNHelper; C:\Program Files\Astrill\ASOvpnSvc.exe [602136 2015-11-19] (Astrill)
R3 ASProxy; C:\Program Files\Astrill\ASProxy.exe [2607640 2015-09-03] (Astrill)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
R2 DeviceHealth; C:\Program Files\Microsoft Device Health\DhMachineSvc.exe [85664 2014-06-06] ()
R2 ICBC Daemon Service; C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe [370824 2014-06-20] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 wwbizsrv; C:\Program Files\Alibaba\wwbizsrv\wwbizsrv.exe [2159464 2015-10-22] (Alibaba Group)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2014-05-21] (Advanced Micro Devices Inc.)
R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [25856 2014-05-17] (Astrill)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [109016 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137240 2016-05-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [60088 2016-05-31] (Avira Operations GmbH & Co. KG)
S3 D-Vitec; C:\Windows\System32\DRIVERS\dvitdcnt.sys [281344 2012-07-26] (D-vitec)
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-04] () [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2014-06-23] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-30] (Almico Software)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-16] (Avira Operations GmbH & Co. KG)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)
S3 catchme; \??\C:\Users\David\AppData\Local\Temp\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S1 qutmipc; \??\C:\Windows\system32\drivers\qutmipc.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-01 11:50 - 2016-06-01 11:51 - 00020206 _____ C:\Users\David\Desktop\FRST.txt
2016-06-01 11:49 - 2016-06-01 11:50 - 00000000 ____D C:\FRST
2016-06-01 11:47 - 2016-06-01 11:47 - 00051121 _____ C:\Users\David\Desktop\JRT.txt
2016-06-01 11:35 - 2016-06-01 11:35 - 01734656 _____ (Farbar) C:\Users\David\Desktop\FRST.exe
2016-06-01 11:28 - 2016-06-01 11:28 - 01610816 _____ (Malwarebytes) C:\Users\David\Desktop\JRT.exe
2016-06-01 10:50 - 2016-06-01 10:53 - 00000000 ____D C:\AdwCleaner
2016-06-01 10:45 - 2016-06-01 10:46 - 03677248 _____ C:\Users\David\Desktop\AdwCleaner.exe
2016-05-31 17:29 - 2016-05-31 17:30 - 15799179 _____ C:\Users\David\Desktop\Black _ White Heads On Nose Part 2.mp4
2016-05-31 17:28 - 2016-05-31 17:28 - 05114754 _____ C:\Users\David\Desktop\Infowars to enter the Heart of SJW Tyranny.mp4
2016-05-30 18:25 - 2016-05-30 18:26 - 15957519 _____ C:\Users\David\Desktop\Nose Full Of Blackheads.mp4
2016-05-30 16:27 - 2016-05-30 16:28 - 00026112 _____ C:\Users\David\Desktop\David (1).xls
2016-05-27 20:25 - 2016-05-27 20:30 - 48729072 _____ C:\Users\David\Desktop\THE DUMBEST GENERATION THE SAD TRUTH THEY DONT WANT YOU TO KNOW.mp4
2016-05-24 18:30 - 2016-05-24 18:33 - 28019641 _____ C:\Users\David\Desktop\Funny Dogs - A Funny Dog Videos Compilation 2015.mp4
2016-05-23 22:01 - 2016-06-01 10:58 - 00000000 ____D C:\Users\David\AppData\LocalLow\uTorrent
2016-05-18 17:35 - 2016-05-18 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-05-18 16:36 - 2016-06-01 10:58 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
2016-05-16 17:35 - 2016-05-16 17:39 - 18806428 _____ C:\Users\David\Desktop\Mozart - Soundtrack - Out of Africa.mp4
2016-05-14 08:35 - 2016-05-14 08:35 - 20381888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-05-06 12:51 - 2016-05-08 17:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-04 20:50 - 2016-05-04 20:50 - 00000000 ____D C:\Users\David\AppData\Roaming\Wondershare AllMyTube
2016-05-04 20:48 - 2016-05-04 20:48 - 00000000 ____D C:\Users\David\AppData\Local\Wondershare
2016-05-04 20:48 - 2016-05-04 20:48 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2016-05-04 20:47 - 2016-05-04 21:06 - 00000000 ____D C:\Program Files\Wondershare
2016-05-04 20:47 - 2016-05-04 21:05 - 00000000 ____D C:\ProgramData\Wondershare AllMyTube
2016-05-04 20:47 - 2016-05-04 20:47 - 00000000 ____D C:\ProgramData\Wondershare Application Common Data
2016-05-04 20:45 - 2016-05-04 20:46 - 00000000 ____D C:\Users\Public\Documents\Wondershare
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-01 11:47 - 2014-08-06 10:10 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-01 11:41 - 2014-03-18 15:03 - 00000398 _____ C:\Windows\Tasks\WpsUpdateTask_David.job
2016-06-01 11:41 - 2014-03-18 15:03 - 00000398 _____ C:\Windows\Tasks\WpsNotifyTask_David.job
2016-06-01 11:34 - 2016-01-20 10:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-01 11:06 - 2016-04-28 18:53 - 00003792 _____ C:\Windows\system32\ASProxyOff.ini
2016-06-01 11:05 - 2009-07-14 12:34 - 00021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-01 11:05 - 2009-07-14 12:34 - 00021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-01 10:59 - 2014-01-02 23:20 - 00000000 ____D C:\Users\David\AppData\Roaming\uTorrent
2016-06-01 10:57 - 2014-08-06 10:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-01 10:56 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-01 10:55 - 2014-01-03 16:37 - 00000000 ____D C:\Program Files\Subliminal Power
2016-05-31 16:59 - 2015-03-03 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-31 16:56 - 2015-03-03 17:14 - 00137240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-05-31 16:56 - 2015-03-03 17:14 - 00060088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-05-30 18:40 - 2014-01-10 10:43 - 00388386 _____ C:\Windows\system32\prfh0804.dat
2016-05-30 18:40 - 2014-01-10 10:43 - 00123864 _____ C:\Windows\system32\prfc0804.dat
2016-05-30 18:40 - 2014-01-02 22:20 - 01276504 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-30 18:40 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\inf
2016-05-30 09:44 - 2015-02-09 11:20 - 00000000 ____D C:\Users\David\Downloads\Ant Videos
2016-05-29 08:01 - 2015-08-26 13:00 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-05-25 18:04 - 2014-01-02 22:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-23 21:54 - 2014-01-02 22:31 - 00000000 ____D C:\Program Files\Opera
2016-05-18 17:35 - 2014-01-03 16:53 - 00000000 ____D C:\Program Files\VideoLAN
2016-05-18 17:19 - 2014-08-04 11:11 - 00000000 ____D C:\Users\David\Desktop\Desktopstuff
2016-05-15 21:38 - 2014-01-02 23:40 - 00000000 ____D C:\Users\David\Documents\Calibre Library
2016-05-14 08:35 - 2014-01-02 23:19 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-14 08:35 - 2014-01-02 23:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-13 07:50 - 2014-08-06 10:17 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-09 20:21 - 2016-04-28 18:44 - 00000000 ____D C:\Users\David\AppData\Roaming\Astrill
2016-05-08 17:05 - 2014-01-03 10:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-05-07 19:06 - 2014-08-17 16:41 - 00000000 ____D C:\Users\David\AppData\Local\aef
2016-05-06 17:11 - 2015-11-11 17:51 - 00000000 ____D C:\Program Files\AliQinTao
2016-05-03 12:09 - 2015-01-31 10:28 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-03 08:58 - 2014-01-03 18:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-05-02 22:43 - 2016-04-30 10:05 - 00000000 ____D C:\Users\David\Downloads\Youtubes
==================== Files in the root of some directories =======
2016-04-28 18:44 - 2015-05-05 11:56 - 1701390 _____ () C:\Users\David\AppData\Roaming\addr2line.exe
2014-01-04 09:32 - 2014-06-23 21:40 - 0001078 _____ () C:\Users\David\AppData\Roaming\base64.cer
2014-07-20 18:02 - 2014-07-22 11:31 - 1411790 _____ () C:\ProgramData\TestPreferences
Files to move or delete:
====================
C:\ProgramData\999.dat
Some files in TEMP:
====================
C:\Users\David\AppData\Local\temp\avgnt.exe
C:\Users\David\AppData\Local\temp\libeay32.dll
C:\Users\David\AppData\Local\temp\msvcr120.dll
C:\Users\David\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-29 08:02
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:29-05-2016 02
Ran by David (2016-06-01 11:51:30)
Running from C:\Users\David\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2014-01-02 12:13:05)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1483477416-240000409-50094224-500 - Administrator - Disabled)
David (S-1-5-21-1483477416-240000409-50094224-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-1483477416-240000409-50094224-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1483477416-240000409-50094224-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Alipay Cert Component 2.5.0.0 (HKU\.DEFAULT\...\AlipayCert) (Version: 2.5.0.0 - Alipay.com Co., Ltd.)
Anki (HKLM\...\Anki) (Version: - )
Apple Application Support (32-bit) (HKLM\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version: - Astrill)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM\...\{50179884-9D17-4BC1-A685-3E99E55CE918}) (Version: 2.54.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Flickr Uploadr for Windows (HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\FlickrUploadrWindows) (Version: 0.9.98.280 - Flickr)
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
icbc_netbank_client_controls (HKLM\...\{93156467-FD99-4A30-9CA5-8563F4BB8DB3}) (Version: 2010.11.17.0 - ICBC)
ICBCChromeExtension (HKLM\...\{619AF9F4-3B8F-4989-B65F-67E45D0F4AF0}) (Version: 1.0.6.0 - ICBC) <==== ATTENTION
ICBCEBankAssist (HKLM\...\{2FEC1C6E-CA95-43CF-8597-0979DBF2F5FD}) (Version: 1.6.3.0 - Industrial and Commercial Bank of China)
ICBCEbankPlugins (HKLM\...\{605A7036-A19C-4289-8966-760D708C33E1}) (Version: 1.0.7.0 - icbc)
ICBCNewChromeExtension (HKLM\...\{93BEAF31-0215-489B-A7A6-9B4831C9F572}) (Version: 1.0.2.0 - ICBC) <==== ATTENTION
iTunes (HKLM\...\{2C741651-87E0-4479-9703-6DD0D7988B84}) (Version: 12.3.2.35 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Excel 2007 Help ¸üР(KB963678) (HKLM\...\{90120000-0016-0804-0000-0000000FF1CE}_PROPLUS_{CECF0828-8F1F-4205-86B9-61683BAF0321}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help ¸üР(KB963677) (HKLM\...\{90120000-001A-0804-0000-0000000FF1CE}_PROPLUS_{CB739C4F-6ABE-4CB2-BC90-57583893094F}) (Version: - Microsoft)
Microsoft Office Powerpoint 2007 Help ¸üР(KB963669) (HKLM\...\{90120000-0018-0804-0000-0000000FF1CE}_PROPLUS_{833A1F95-EEEB-47D3-B13F-3243AB2E7FA5}) (Version: - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 Help ¸üР(KB963665) (HKLM\...\{90120000-001B-0804-0000-0000000FF1CE}_PROPLUS_{53A3BCC0-3278-4729-8718-D17DEC19DE48}) (Version: - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Opera Stable 37.0.2178.43 (HKLM\...\Opera 37.0.2178.43) (Version: 37.0.2178.43 - Opera Software)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Security Task Manager 1.8c (HKLM\...\Security Task Manager) (Version: 1.8c - Neuber Software)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1118 - SUPERAntiSpyware.com)
Touchpad Blocker (HKLM\...\Touchpad Blocker) (Version: 2.9 - KARPOLAN)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WordWeb (HKLM\...\WordWeb) (Version: 6 - WordWeb Software)
WPS Office (9.1.0.4746) (HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)
中国工商银行防钓鱼软件 (HKLM\...\{D8903816-37A7-4F23-8614-0246473D5CE9}) (Version: 2.2.8 - 中国工商银行)
亲淘 (HKLM\...\亲淘) (Version: - 阿里巴巴(中国)有限公司)
支付宝安全控件 5.3.0.3807 (HKLM\...\alieditplus) (Version: 5.3.0.3807 - Alipay.com Co., Ltd.)
谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version: - Google Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{00020906-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{000209F0-0000-4b30-A977-D214852036FF}\InprocServer32 -> => No File
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{0002CE21-0000-0000-C000-000000000046}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\ksee\EqnEdit.exe (Design Science, Inc.)
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{017CE1A6-416F-4684-AE6A-02064420B30A}\InprocServer32 -> C:\Program Files\AliQinTao\1.90.05U\AliIMSSOLogin.dll (阿里巴巴(中国)有限公司)
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{26C3F8B0-0217-46A1-AB2D-A1B494E71402}\InprocServer32 -> C:\Program Files\AliQinTao\1.90.05U\AliIMSSOLogin.dll (阿里巴巴(中国)有限公司)
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{45540001-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{45540003-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\InprocServer32 -> => No File
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{4D4E0078-1386-4536-BD05-3E1013F17116}\InprocServer32 -> C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\office6\oledefaulthandler.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files\AliQinTao\1.90.05U\AliIMX.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}\InprocServer32 -> => No File
CustomCLSID: HKU\S-1-5-21-1483477416-240000409-50094224-1000_Classes\CLSID\{E81FB43C-B144-4D30-8033-C9338AA0ECB8}\InprocServer32 -> C:\Program Files\AliQinTao\1.90.05U\AliIMSSOLogin.dll (阿里巴巴(中国)有限公司)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0537FEF0-7887-4533-8433-3AFCEA6BA5E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {077EC099-51A0-4190-B3D3-8BAE4BFA378E} - System32\Tasks\{6D67EFA5-C130-489A-935A-915148DC62B6} => pcalua.exe -a "I:\TOP+TIPS+音频光盘\TOP TIPS\Top Tips for IELTS Academic.exe" -d "I:\TOP+TIPS+音频光盘\TOP TIPS"
Task: {102F9216-B08F-45E4-BF0D-6AE533CB44F7} - System32\Tasks\{B67B8CC1-F228-48B1-BA26-88B15E065A4E} => C:\Users\David\Desktop\翻墙\翻墙\lantern-installer-beta.exe
Task: {18456E94-B31C-4BCD-8B13-DC283320E9BE} - System32\Tasks\WpsNotifyTask_David => C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-09-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {7334C863-C12A-4CB6-9BF5-81100623DD83} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig)
Task: {749E2F91-A6BA-4773-A965-306EB87B983F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {8837428D-F94D-4EB4-8F57-B35CC830F20B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {8D194B8A-CA11-4DB4-ACBA-3815F4B817EC} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {8E97C2CE-D9F8-464D-A496-B6144FB4F2BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
Task: {9040215C-0B01-4F8C-8DC1-F4A3045B0E23} - System32\Tasks\{DC26780C-3E21-410D-B5BC-4431176DA68B} => pcalua.exe -a "C:\Program Files\Clavis Sinica 5.0\Uninstall Clavis Sinica 5.0.exe" -d "H:\Seagate Dashboard 2.0\PC-201208301640\Administrator\Backup\ff4c811b-d4f6-4805-96c1-1923aeba5bfc\20131231_122040_Administrator\E\c盘程序\Clavis Sinica 5.0\Cst" -c "H:\Seagate Dashboard 2.0\PC-201208301640\Administrator\Backup (the data entry has 105 more characters).
Task: {93131162-8B8D-46E5-A623-4873F2D3A739} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {97CA5C8A-BFEA-4278-8E2C-995A347630DE} - System32\Tasks\WpsUpdateTask_David => C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe [2016-03-22] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {B098A572-28DD-4F7D-99A4-DBA0A9FEB5D2} - System32\Tasks\Opera scheduled Autoupdate 1388673118 => C:\Program Files\Opera\launcher.exe [2016-05-09] (Opera Software)
Task: {C1181472-CB58-45D4-8C1B-97F7214C58CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {C358ADC3-709D-4A8F-9D79-3E05470242E1} - System32\Tasks\Boot Trigger ICBC Task => C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe [2013-12-17] ()
Task: {C67B2910-4FB0-4F20-B351-F1BCD15F2484} - System32\Tasks\Google Pinyin Daemon => C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2015-10-16] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WpsNotifyTask_David.job => C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_David.job => C:\Users\David\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-06 21:36 - 2014-06-06 21:36 - 00085664 _____ () C:\Program Files\Microsoft Device Health\DhMachineSvc.exe
2014-06-06 21:36 - 2014-06-06 21:36 - 00064672 _____ () C:\Program Files\Microsoft Device Health\Collectors\system_collector.dll
2014-06-06 21:36 - 2014-06-06 21:36 - 00023200 _____ () C:\Program Files\Microsoft Device Health\Collectors\user_collector.dll
2014-06-06 21:36 - 2014-06-06 21:36 - 00020640 _____ () C:\Program Files\Microsoft Device Health\Actuators\win_update_actuator.dll
2014-06-20 17:22 - 2014-06-20 17:22 - 00370824 _____ () C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ASProxy => ""="service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxp://taobao.com
IE trusted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\cfca.com.cn -> hxxp://www.cfca.com.cn
IE trusted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\cfca.com.cn -> hxxps://www.cfca.com.cn
IE trusted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\google.com -> hxxps://www.google.com
IE trusted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\icbc.com.cn -> hxxps://www.icbc.com.cn
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\1-se.com -> 1-se.com
There are 11402 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 10:04 - 2015-07-25 08:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1483477416-240000409-50094224-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 221.7.128.68 - 221.7.136.68
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wandoujia_helper.lnk => C:\Windows\pss\wandoujia_helper.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: FlickrUploadr => "C:\Users\David\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
MSCONFIG\startupreg: Microsoft Pinyin IME Migration => c:\progra~1\common~1\micros~1\ime12\imesc\imscmig.exe /install
MSCONFIG\startupreg: qintao => "C:\Program Files\AliQinTao\AliQinTao.exe" /run:auto
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{7D08AAC0-040F-41E2-B261-F98873049CA9}C:\users\david\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\david\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{355CA210-D0AD-4C9B-A85A-CC463BA219DE}C:\users\david\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\david\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{A513B0C2-1CB7-4A3A-8060-1645BC1A959D}] => (Allow) C:\users\david\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{AE18DA7C-6C34-4894-A34C-2FDD1EB7C1BA}] => (Allow) C:\users\david\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{4853FE5B-4EDF-4875-9EC7-080E1FFB7EEF}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CC8638B0-2AD0-4805-95E9-62921D097371}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BEA9A16F-B26B-4EA0-A0C6-6CBC1147778E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6DD37402-3CF5-4581-85ED-14FC73AAE47A}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{4EED0625-61DE-454D-8002-9EA2F9A0F93C}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{8F7551FE-DEF8-43E6-8A37-D5B66139F8C7}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{8E69ACF1-D9F1-420E-99F0-4BA9C03CB10D}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{630BE3CA-023D-4B7D-A70C-2FD24514C234}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{317985DB-B63B-475D-9460-9F70A467EAB7}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{9CE1F0B0-17E0-4D93-BA33-5502A66C1A2B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8E6B7A31-2763-4D25-941F-36A72747983E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D8F698F3-07C5-4C8C-BCA7-175B5FA24E05}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D98DF725-E5DC-4D9F-A423-B2E6BE535A8C}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{7D52FB9E-D063-4CDE-A4B7-2C7144AB7536}] => (Allow) C:\Users\David\AppData\Local\Temp\nso8C14.tmp\Installer-10004574.exe
FirewallRules: [{AFB7BFBC-3D7D-42DC-881E-093F423391F9}] => (Allow) C:\Users\David\AppData\Local\Temp\nso8C14.tmp\Installer-10004574.exe
FirewallRules: [{A035916A-55D7-4D1C-BC16-9F0A2EE50177}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{25981C77-8490-49B3-9B5A-E14D379E1C42}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{192AF1AC-13A1-4CAF-9573-4C4BE4CCB226}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A600380F-D1EC-4020-BB69-827687F4783F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2A17B181-030C-46B1-9D45-EE9A5E634CFF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1E1623E3-E4DD-4868-B205-0B4FDEB9FBFB}] => (Allow) C:\Program Files\Identity Cloaker\openvpnportable\app\bin\openvpn.exe
FirewallRules: [{0A2FFDEB-0126-48D4-80C2-E0AB25A93615}] => (Allow) C:\Program Files\Identity Cloaker\Privoxy\privoxy.exe
FirewallRules: [{C671ECB1-C6A7-480E-B2E3-8F935170D6A1}] => (Allow) C:\Program Files\Identity Cloaker\idc2.exe
FirewallRules: [{139535FE-A1C5-47D4-A628-3E1759BDD926}] => (Allow) C:\Program Files\Identity Cloaker\Privoxy\privoxy.exe
FirewallRules: [{1C00876D-AF04-40DA-9D86-53F815AA498D}] => (Allow) C:\Program Files\Identity Cloaker\idc2.exe
FirewallRules: [{BC2CCCD3-FC92-4D0B-A812-DD8F9968885F}] => (Allow) C:\Program Files\Identity Cloaker\openvpnportable\app\bin\openvpn.exe
FirewallRules: [TCP Query User{32B20F8D-E908-4178-8A06-B8D9535AC7A6}H:\seagate dashboard 2.0\pc-201208301640\administrator\backup\ff4c811b-d4f6-4805-96c1-1923aeba5bfc\20131231_122040_administrator\d\downloads\vpn live\fg732p.exe] => (Allow) H:\seagate dashboard 2.0\pc-201208301640\administrator\backup\ff4c811b-d4f6-4805-96c1-1923aeba5bfc\20131231_122040_administrator\d\downloads\vpn live\fg732p.exe
FirewallRules: [UDP Query User{28256B38-7529-4E33-9449-986EDD04883B}H:\seagate dashboard 2.0\pc-201208301640\administrator\backup\ff4c811b-d4f6-4805-96c1-1923aeba5bfc\20131231_122040_administrator\d\downloads\vpn live\fg732p.exe] => (Allow) H:\seagate dashboard 2.0\pc-201208301640\administrator\backup\ff4c811b-d4f6-4805-96c1-1923aeba5bfc\20131231_122040_administrator\d\downloads\vpn live\fg732p.exe
FirewallRules: [TCP Query User{797F4173-C990-438B-BAF3-57FC9EE8566A}C:\users\david\appdata\local\microsoft\windows\temporary internet files\content.ie5\o3p4uhz4\fg758p.exe] => (Allow) C:\users\david\appdata\local\microsoft\windows\temporary internet files\content.ie5\o3p4uhz4\fg758p.exe
FirewallRules: [UDP Query User{80EE8705-6A3B-43AC-B6C8-2EFC559285C8}C:\users\david\appdata\local\microsoft\windows\temporary internet files\content.ie5\o3p4uhz4\fg758p.exe] => (Allow) C:\users\david\appdata\local\microsoft\windows\temporary internet files\content.ie5\o3p4uhz4\fg758p.exe
FirewallRules: [{AF675EB6-C78B-440D-B8AB-E1826BE8BE21}] => (Block) C:\users\david\appdata\local\microsoft\windows\temporary internet files\content.ie5\o3p4uhz4\fg758p.exe
FirewallRules: [{D04DE344-60F6-483C-BB04-2D22D0E0362E}] => (Block) C:\users\david\appdata\local\microsoft\windows\temporary internet files\content.ie5\o3p4uhz4\fg758p.exe
FirewallRules: [TCP Query User{F92CAB8B-5C74-45F2-84DA-948403BABAC8}C:\program files\wondershare\youtube-downloader\allmytube.exe] => (Block) C:\program files\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [UDP Query User{D9E269F6-7793-4129-9001-0B866F363ED5}C:\program files\wondershare\youtube-downloader\allmytube.exe] => (Block) C:\program files\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [{2CE5EDEE-9897-440A-8365-6FD75F615E5E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{AA8C8186-E4DB-4958-97A6-292D7934BD6B}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{3FC0A336-6F6C-4483-9373-69EC477884A7}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
==================== Restore Points =========================
28-02-2016 19:00:48 Windows Backup
06-03-2016 19:00:58 Windows Backup
13-03-2016 19:00:54 Windows Backup
16-03-2016 15:22:30 Installed Identity Cloaker
27-03-2016 19:00:40 Windows Backup
03-04-2016 19:01:22 Windows Backup
05-04-2016 16:23:24 Removed Identity Cloaker
05-04-2016 16:25:54 Installed Identity Cloaker
06-04-2016 09:17:39 Removed Identity Cloaker
09-04-2016 09:23:10 Installed calibre
10-04-2016 19:00:56 Windows Backup
17-04-2016 19:00:59 Windows Backup
24-04-2016 19:54:05 Windows Backup
01-05-2016 19:00:55 Windows Backup
08-05-2016 19:53:55 Windows Backup
15-05-2016 19:01:08 Windows Backup
22-05-2016 19:23:38 Windows Backup
29-05-2016 19:01:00 Windows Backup
01-06-2016 11:44:47 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: qutmipc
Description: qutmipc
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: qutmipc
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/01/2016 09:50:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iTunes.exe, version: 12.3.2.35, time stamp: 0x56739d90
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003bd41
Faulting process id: 0x18f8
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3
Error: (06/01/2016 08:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26860611
Error: (06/01/2016 08:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26860611
Error: (06/01/2016 08:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/01/2016 08:06:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26859504
Error: (06/01/2016 08:06:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26859504
Error: (06/01/2016 08:06:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/01/2016 08:06:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26858490
Error: (06/01/2016 08:06:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26858490
Error: (06/01/2016 08:06:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (06/01/2016 11:45:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
Error: (06/01/2016 10:57:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qutmipc
Error: (06/01/2016 10:56:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%2
Error: (06/01/2016 10:54:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv.dll
Error: (06/01/2016 10:54:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv.dll
Error: (06/01/2016 10:54:28 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv.dll
Error: (06/01/2016 10:53:32 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (06/01/2016 10:53:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The wwbizsrv service terminated unexpectedly. It has done this 1 time(s).
Error: (06/01/2016 10:53:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ASProxy service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
Error: (06/01/2016 10:53:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).
CodeIntegrity:
===================================
Date: 2014-02-03 20:03:47.755
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\David\AppData\Local\Temp\0399523\kldw.exe because the set of per-page image hashes could not be found on the system.
Date: 2014-02-03 20:03:47.241
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\David\AppData\Local\Temp\0399523\kldw.exe because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD Athlon 64 X2 Dual-Core Processor TK-57
Percentage of memory in use: 39%
Total physical RAM: 1918 MB
Available physical RAM: 1165.03 MB
Total Virtual: 3836.01 MB
Available Virtual: 2717.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.65 GB) (Free:14.12 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:68.36 GB) (Free:42.23 GB) NTFS
Drive e: () (Fixed) (Total:66.86 GB) (Free:24.28 GB) NTFS
Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:371.71 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EF08263A)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135.2 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 99C46DCD)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================