Clicked on an email link that required to sign in again to same email.



#1
goiasg


Hi everybody,

 

First of all thanks for this service.

 

Also I'm a fifties person when it comes to the understanding of matters you dwell here and so I might not get easily the technical terms you might use to reply.

 

I got an email on my yahoo mail from a contact that had a link for me to read a message that could not appear otherwise. For some stupid reason I clicked and it appeared the window to sign in the password of the email I was using. I signed in - I again stupidly repeated this three times -  and was directed through and to sites and things such as :

 

  • 249590.c19ac55dd7533bf1c3890dce9c64724esessioninboxmsg149671167.ssl-logs-u.com
  • uyoxzf.onlyonechance.club
  • uyoxzf.onlyonechance.club
  • 991150.4f5fe264871b7fa24619cc8434305577sessioninboxmsg898513447.ssl-logs-u.com
  • screenaddict.thewhizproducts.com
  • play.leadzupc.com
  • Your page is loading... (get.todaysoffers.online)
  • Loading... (get.todaysoffers.online)
  • href.li
  • 924840.7410b409f65ec03bbd6e1de6e233bc42sessioninboxmsg83432936.ssl-logs-u.com
  • pt.toptvtab.com
  • play.leadzupc.com
  • Your page is loading... (get.todaysoffers.online)
  • Loading... (get.todaysoffers.online)
  • href.li
  • href.li

I did a full system scan with Norton. I used the Norton Power Eraser. Nothing - no risks detected - appeared in the full system scan or in the power eraser but I'm afraid some bad stuff might have passed after all I did click on the link and signed in to my own email on its instruction three times.

 

What do you think happened and/or is happening with my computer?

 

Thank you again and I apologize for my ignorance.

 

Goiasg 




#2
RKinner

Basically you just gave your email password to some unknown people so that they can now use your account to send spam or read all of your email looking for sensitive info.

 

Change the password now!

 

It doesn't sound like it got you infected but let's take a look:

 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Get FRST from
  • You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
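
An added example, not part of the thread or written by its participants: a check that a sign-in prompt's host really belongs to the mail provider, run over hostnames quoted in the first post. The trusted domain `yahoo.com`, the lure-word list and all function names are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the mail provider really signs users in on.
TRUSTED_LOGIN_DOMAINS = ("yahoo.com",)

# Words a lure places in the left-hand labels of a hostname. Chosen
# from the hostnames quoted in the first post, plus the provider name.
LURE_TOKENS = ("session", "inbox", "msg", "ssl", "login", "yahoo")

# Hostnames copied from the redirect list in the first post.
SAMPLE_CHAIN = [
    "249590.c19ac55dd7533bf1c3890dce9c64724esessioninboxmsg149671167.ssl-logs-u.com",
    "uyoxzf.onlyonechance.club",
    "uyoxzf.onlyonechance.club",
    "screenaddict.thewhizproducts.com",
    "play.leadzupc.com",
    "get.todaysoffers.online",
    "href.li",
]


def extract_host(value):
    """Return the lower-case host of a URL or of a bare hostname."""
    value = value.strip()
    if "://" not in value and not value.startswith("//"):
        value = "//" + value  # let urlsplit treat it as a network location
    host = urlsplit(value).hostname or ""
    return host.rstrip(".").lower()


def under_domain(host, domain):
    """True only for the domain itself or a real subdomain of it.

    The leading dot matters: 'notyahoo.com' and 'yahoo.com.example.net'
    both contain the provider's name but are not under 'yahoo.com'.
    """
    return host == domain or host.endswith("." + domain)


def classify_login_host(value, trusted=TRUSTED_LOGIN_DOMAINS):
    """Classify the host that is asking for a password."""
    host = extract_host(value)
    if not host:
        return {"host": host, "verdict": "invalid", "lures": []}
    if any(under_domain(host, d) for d in trusted):
        return {"host": host, "verdict": "trusted", "lures": []}
    # Not the provider: note any reassuring words used to dress it up.
    lures = [t for t in LURE_TOKENS if t in host]
    verdict = "lookalike" if lures else "untrusted"
    return {"host": host, "verdict": verdict, "lures": lures}


def triage_chain(hosts):
    """Classify each distinct host of a redirect chain, in first-seen order."""
    seen, report = set(), []
    for raw in hosts:
        result = classify_login_host(raw)
        if result["host"] not in seen:
            seen.add(result["host"])
            report.append((result["host"], result["verdict"]))
    return report


def safe_to_enter_password(hosts):
    """A password prompt is acceptable only on a trusted host."""
    return any(verdict == "trusted" for _, verdict in triage_chain(hosts))


if __name__ == "__main__":
    for host, verdict in triage_chain(SAMPLE_CHAIN):
        print(f"{verdict:10} {host}")
    print("password prompt acceptable:", safe_to_enter_password(SAMPLE_CHAIN))
```

No host in the quoted chain falls under the provider's domain, so a password typed at any point along it went to a third party, which is why the first step is to change the password.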


    #3
    goiasg


    RKinner,

     

    Thank you very much for your prompt reply and assistance. Yes, I changed my password after the event.

     

    I ran all the software you provided. Here's the reports/logs:

     

    For ADWCleaner:

     

    # AdwCleaner v5.201 - Logfile created 07/08/2016 at 13:12:26

    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-08-06.2 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : owner - OWNER-PC
    # Running from : C:\Users\owner\Downloads\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
    [-] Service Deleted : SProtection
     
    ***** [ Folders ] *****
     
    [-] Folder Deleted : C:\ProgramData\Babylon
    [-] Folder Deleted : C:\ProgramData\Iminent
    [-] Folder Deleted : C:\ProgramData\WPM
    [-] Folder Deleted : C:\ProgramData\Best Buy pc app
    [#] Folder Deleted : C:\ProgramData\Application Data\Babylon
    [#] Folder Deleted : C:\ProgramData\Application Data\Iminent
    [#] Folder Deleted : C:\ProgramData\Application Data\WPM
    [#] Folder Deleted : C:\ProgramData\Application Data\Best Buy pc app
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
    [-] Folder Deleted : C:\Program Files (x86)\Coupons
    [-] Folder Deleted : C:\Program Files (x86)\MediaPlayerplus
    [-] Folder Deleted : C:\Program Files (x86)\Smartdl
    [-] Folder Deleted : C:\Program Files (x86)\Freeven Pro 1.4
    [-] Folder Deleted : C:\Program Files (x86)\fst_br_102
    [#] Folder Deleted : C:\Program Files (x86)\fst_br_102
    [-] Folder Deleted : C:\Windows\Installer\{5CDCDBCD-119A-4AE1-9C55-B816DBBE4245}
    [-] Folder Deleted : C:\Users\owner\AppData\Local\fst_br_102
    [#] Folder Deleted : C:\Users\owner\AppData\Local\fst_br_102
    [-] Folder Deleted : C:\Users\owner\AppData\LocalLow\BabylonToolbar
    [-] Folder Deleted : C:\Users\owner\AppData\LocalLow\Claro LTD
    [-] Folder Deleted : C:\Users\owner\AppData\LocalLow\Minibar
    [-] Folder Deleted : C:\Users\owner\AppData\Roaming\Babylon
    [-] Folder Deleted : C:\Users\owner\AppData\Roaming\IClaro
    [-] Folder Deleted : C:\Users\owner\AppData\Roaming\Iminent
    [-] Folder Deleted : C:\Users\owner\AppData\Roaming\webssearches
     
    ***** [ Files ] *****
     
    [-] File Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.toptvtabsearch.com_0.localstorage
    [-] File Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.toptvtabsearch.com_0.localstorage-journal
    [-] File Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
    [-] File Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
    [-] File Deleted : C:\user.js
     
    ***** [ DLLs ] *****
     
     
    ***** [ WMI ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Registry ] *****
     
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\f
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
    [-] Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    [-] Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
    [-] Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
    [-] Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
    [-] Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    [-] Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key Deleted : HKCU\Software\APN PIP
    [-] Key Deleted : HKCU\Software\Conduit
    [-] Key Deleted : HKCU\Software\InstallCore
    [-] Key Deleted : HKCU\Software\Softonic
    [-] Key Deleted : HKLM\SOFTWARE\Babylon
    [-] Key Deleted : HKLM\SOFTWARE\BabylonToolbar
    [-] Key Deleted : HKLM\SOFTWARE\Uniblue
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDCDBCD-119A-4AE1-9C55-B816DBBE4245}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74AF34F6-ACF4-438C-9C7E-FA0307B60E45}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3038A20B9089EC34D8F74220191FAB30
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6F43FA474FCAC834C9E7AF30706BE054
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
    [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{9950688C-742B-431D-8C54-696CD2972849}]
    [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{0C2F2A0F-A969-4A77-A5DB-06EE902E7075}]
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
    [-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent
     
    ***** [ Web browsers ] *****
     
    [-] [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : bigseekpro.com
    [-] [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : br.ask.com
    [-] [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search here
    [-] [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dmiifdbnlinfkcbohhdcfijbcipfndff
     
    *************************
     
    :: "Tracing" keys deleted
    :: Winsock settings cleared
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C1].txt - [36415 bytes] - [07/08/2016 13:12:26]
    C:\AdwCleaner\AdwCleaner[S1].txt - [35581 bytes] - [07/08/2016 13:09:50]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [36563 bytes] ##########
     
     
     
    For JRT:
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 7 Home Premium x64 
    Ran by owner (Administrator) on Sun 08/07/2016 at 13:32:21.43
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 99 
     
    Successfully deleted: C:\Users\owner\AppData\Roaming\getrighttogo (Folder) 
    Successfully deleted: C:\Windows\couponprinter.ocx (File) 
    Successfully deleted: C:\Windows\system32\Tasks\EasySpeedUpManager (Task)
     
     
     
    Registry: 0 
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 08/07/2016 at 13:38:31.19
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    For FRST:
     
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
    Ran by owner (administrator) on OWNER-PC (07-08-2016 13:51:40)
    Running from C:\Users\owner\Downloads
    Loaded Profiles: owner (Available Profiles: owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 10 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\ns.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\ns.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2581384 2010-08-31] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273544 2011-05-09] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\...\MountPoints2: {bb84e21b-74b7-11e0-b18e-e81132228e8e} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-21]
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-21]
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
    Tcpip\..\Interfaces\{03163D81-0449-469F-AE22-A5B5AB6D604B}: [DhcpNameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{A1D97E98-42C4-4BDF-8890-881896C147BD}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{A1D97E98-42C4-4BDF-8890-881896C147BD}: [DhcpNameServer] 192.168.254.254
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll => No File
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-05-09] (RealPlayer)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
    BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-09-17] ()
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll [No File]
    FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc)
    FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc)
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon
    FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon [2016-06-22]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2016-01-31] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon
     
    Chrome: 
    =======
    CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
    CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-07-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
    CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-21]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-21]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-09]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-08-31] (Red Bend Ltd.) [File not signed]
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-10-19] ()
    R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\NS.exe [289080 2016-06-17] (Symantec Corporation)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
    R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-01] (Intel® Corporation) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20160802.002\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
    R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607000.04C\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-05] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20160805.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation)
    S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-02-15] (Windows ® 2003 DDK 3790 provider)
    R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1607000.04C\SRTSP64.SYS [773368 2016-07-20] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607000.04C\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-21] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607000.04C\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1607000.04C\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation)
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\SDSDefs\20160621.009\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\SDSDefs\20160621.009\EX64.SYS [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-08-07 13:51 - 2016-08-07 13:52 - 00019258 _____ C:\Users\owner\Downloads\FRST.txt
    2016-08-07 13:46 - 2016-08-07 13:51 - 00000000 ____D C:\FRST
    2016-08-07 13:45 - 2016-08-07 13:45 - 02393600 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
    2016-08-07 13:45 - 2016-08-07 13:45 - 01743872 _____ (Farbar) C:\Users\owner\Downloads\FRST.exe
    2016-08-07 13:38 - 2016-08-07 13:38 - 00013851 _____ C:\Users\owner\Desktop\JRT.txt
    2016-08-07 13:30 - 2016-08-07 13:30 - 01610560 _____ (Malwarebytes) C:\Users\owner\Downloads\JRT.exe
    2016-08-07 13:18 - 2016-08-07 13:18 - 00013351 _____ C:\Users\owner\Desktop\AdwCleaner - Shortcut.lnk
    2016-08-07 13:16 - 2016-08-07 13:16 - 00037107 _____ C:\Users\owner\Desktop\AdwCleaner[C1].txt
    2016-08-07 13:09 - 2016-08-07 13:12 - 00000000 ____D C:\AdwCleaner
    2016-08-07 13:07 - 2016-08-07 13:08 - 03712064 _____ C:\Users\owner\Downloads\AdwCleaner.exe
    2016-08-07 04:31 - 2016-08-07 04:31 - 03411640 _____ (Symantec Corporation) C:\Users\owner\Downloads\NPE (2).exe
    2016-08-07 04:27 - 2016-08-07 04:27 - 03411640 _____ (Symantec Corporation) C:\Users\owner\Downloads\NPE (1).exe
    2016-08-07 03:14 - 2016-08-07 04:19 - 904271872 _____ C:\Users\owner\Downloads\nbrt.iso
    2016-08-07 02:57 - 2016-08-07 04:31 - 00264422 _____ C:\Windows\ntbtlog.txt
    2016-08-07 02:52 - 2016-08-07 02:52 - 03411640 _____ (Symantec Corporation) C:\Users\owner\Downloads\NPE (4).exe
    2016-08-07 00:25 - 2016-08-07 00:25 - 03411640 _____ (Symantec Corporation) C:\Users\owner\Downloads\NPE.exe
    2016-08-06 11:32 - 2016-08-06 11:33 - 00037588 _____ C:\Users\owner\Downloads\acorde08.mid
    2016-08-05 15:07 - 2016-08-05 15:07 - 00065328 _____ C:\Users\owner\Downloads\00000000000099798193_00000000400177043268.pdf
    2016-08-05 07:04 - 2016-08-05 07:04 - 00372628 _____ C:\Users\owner\Downloads\Blessings Aug 4.sm (2).pdf
    2016-08-05 07:04 - 2016-08-05 07:04 - 00372628 _____ C:\Users\owner\Downloads\Blessings Aug 4.sm (1).pdf
    2016-08-05 07:03 - 2016-08-05 07:04 - 00372628 _____ C:\Users\owner\Downloads\Blessings Aug 4.sm.pdf
    2016-08-01 13:00 - 2016-08-01 13:00 - 00504464 _____ C:\Users\owner\Downloads\Photos Mary Ellen Orr -Donald Orr.pdf
    2016-07-30 22:48 - 2016-07-30 22:48 - 00291179 _____ C:\Users\owner\Downloads\Blessings July 28.sm (3).pdf
    2016-07-30 22:48 - 2016-07-30 22:48 - 00291179 _____ C:\Users\owner\Downloads\Blessings July 28.sm (2).pdf
    2016-07-30 22:48 - 2016-07-30 22:48 - 00291179 _____ C:\Users\owner\Downloads\Blessings July 28.sm (1).pdf
    2016-07-28 23:20 - 2016-07-28 23:20 - 01613626 _____ C:\Users\owner\Downloads\image1.(null)
    2016-07-23 16:50 - 2016-07-23 16:51 - 05951531 _____ C:\Users\owner\Downloads\SopCast.zip
    2016-07-13 18:02 - 2016-07-13 18:02 - 00033221 _____ C:\Users\owner\Downloads\Ravi Salamon.PDF
    2016-07-11 23:05 - 2016-07-11 23:20 - 75185857 _____ C:\Users\owner\Downloads\Grainne July 2016 (1).m4a
    2016-07-11 23:04 - 2016-07-11 23:17 - 75185857 _____ C:\Users\owner\Downloads\Grainne July 2016.m4a
    2016-07-11 16:16 - 2016-07-11 16:16 - 00218547 _____ C:\Users\owner\Downloads\Foto 13.pdf
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-08-07 13:51 - 2016-01-31 09:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-08-07 13:50 - 2011-04-16 14:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype
    2016-08-07 13:41 - 2015-12-04 06:00 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2016-08-07 13:25 - 2009-07-14 01:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-08-07 13:25 - 2009-07-14 01:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-08-07 13:20 - 2011-07-17 01:36 - 00000000 ____D C:\Users\owner\Desktop\Hegel articles and books
    2016-08-07 13:14 - 2016-01-31 09:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-08-07 13:14 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-08-07 13:03 - 2012-07-25 02:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-08-07 05:47 - 2012-09-11 10:30 - 00000000 ____D C:\Users\owner\AppData\Local\NPE
    2016-08-07 04:27 - 2010-12-08 23:36 - 00000000 ____D C:\ProgramData\Norton
    2016-08-07 04:19 - 2011-10-12 16:00 - 00000000 ____D C:\Users\Public\CyberLink
    2016-08-07 02:58 - 2015-02-13 01:50 - 00000000 ____D C:\NPE
    2016-08-03 06:55 - 2015-03-20 17:24 - 02156544 ___SH C:\Users\owner\Downloads\Thumbs.db
    2016-07-29 06:53 - 2009-07-14 02:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-07-29 06:53 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
    2016-07-28 22:46 - 2016-01-31 09:29 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-07-28 22:46 - 2016-01-31 09:29 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-07-27 22:20 - 2015-04-04 00:03 - 00431616 ___SH C:\Users\owner\Documents\Thumbs.db
    2016-07-24 22:42 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-07-23 13:12 - 2011-07-07 14:15 - 00000000 ____D C:\Users\owner\AppData\Local\Windows Live
    2016-07-14 23:00 - 2012-07-25 02:52 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-07-14 23:00 - 2012-07-25 02:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-07-14 23:00 - 2011-10-18 10:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-07-14 22:58 - 2016-06-18 11:58 - 19527360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2016-07-12 13:57 - 2011-10-18 10:03 - 00000000 ____D C:\Windows\system32\Macromed
    2016-07-12 13:57 - 2010-12-08 22:59 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-07-10 11:02 - 2009-07-14 02:08 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
     
    ==================== Files in the root of some directories =======
     
    2011-04-16 14:08 - 2011-04-16 14:08 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2013-10-27 14:38 - 2013-10-27 14:38 - 0004970 _____ () C:\ProgramData\xgneqrwu.hrx
    2010-12-08 23:06 - 2010-12-08 23:07 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2010-12-08 23:00 - 2010-12-08 23:01 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
    2010-12-08 23:03 - 2010-12-08 23:04 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-12-08 23:01 - 2010-12-08 23:03 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
    2010-12-08 23:04 - 2010-12-08 23:06 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
     
    Some files in TEMP:
    ====================
    C:\Users\owner\AppData\Local\Temp\libeay32.dll
    C:\Users\owner\AppData\Local\Temp\msvcr120.dll
    C:\Users\owner\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\owner\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2016-06-16 10:48
     
    ==================== End of FRST.txt ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
    Ran by owner (2016-08-07 13:52:34)
    Running from C:\Users\owner\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2011-03-20 11:31:04)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1688672369-560665978-2355779204-500 - Administrator - Disabled)
    Guest (S-1-5-21-1688672369-560665978-2355779204-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1688672369-560665978-2355779204-1002 - Limited - Enabled)
    owner (S-1-5-21-1688672369-560665978-2355779204-1000 - Administrator - Enabled) => C:\Users\owner
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    „Messenger“ pagalbinė priemonė (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    „Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
    „Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
    „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
    BatteryLifeExtender (HKLM-x32\...\{EA257ECF-5F72-4461-B890-959394DCD087}) (Version: 1.0.10 - Samsung)
    Best Buy pc app (HKU\S-1-5-21-1688672369-560665978-2355779204-1000\...\48e4cff94f039634) (Version: 3.0.0.0 - Best Buy)
    Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
    Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
    CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
    CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.05 - NCH Software)
    Doplnok programu Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
    Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
    Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0.0.5 - Samsung Electronics Co., Ltd.)
    Easy Network Manager (HKLM-x32\...\{FCF2085E-ABE5-4AA8-B07C-65BBD56DA243}) (Version: 4.4.6 - Samsung)
    Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
    EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
    EasyFileShare (HKLM-x32\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
    EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
    ETDWare PS/2-X64 8.0.7.1_WHQL (HKLM\...\Elantech) (Version: 8.0.7.1 - ELAN Microelectronic Corp.)
    Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
    Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.21.149 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
    HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{860B418B-F90B-465A-BC1D-04B518045C72}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
    HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
    Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}) (Version: 13.04.0000 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
    Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
    Intel® Wireless Display (HKLM-x32\...\{34F98478-05CB-4A3A-B6F4-DA529ED8FA57}) (Version: 1.3.9.0 - Intel Corporation)
    Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.2000 - Intel Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Assistent (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger kísérő (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger Pratilac (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger Suradnik (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger 사이트 공유 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger 浏览器插件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger-kumppani (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Norton Security (HKLM-x32\...\NS) (Version: 22.7.0.76 - Symantec Corporation)
    Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version:  - RealNetworks)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.33.1125.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.21.0 - Samsung Electronics Co., Ltd.)
    Samsung AnyWeb Print (x32 Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.8 - Samsung)
    Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.21 - Samsung)
    Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
    Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.1.0 - Samsung Electronics Co., Ltd.)
    Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
    Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
    Spremljevalec Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.10.1000 - SRS Labs, Inc.)
    User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
    Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Помощник на Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
    Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-1688672369-560665978-2355779204-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {078811F6-9D0A-4138-9AC5-F6BE859914FE} - System32\Tasks\{4C32912D-677E-4DE7-9EF9-4C0EB0F4F521} => Chrome.exe 
    Task: {09DEF735-61BA-4EC5-B0A1-3C76B19984AA} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
    Task: {1C0F6894-CA36-4D29-9BE0-4B1409FDD104} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
    Task: {24FE869C-C8FF-42B8-8904-C3D8A1403B17} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
    Task: {38A33F0D-1425-4CE4-BC79-882B2679C4FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
    Task: {456CC32D-874C-41DC-8879-247C7DEA87CE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
    Task: {4599B47D-BCA3-459E-91DA-1C21919B8F7A} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-26] (Samsung Electronics)
    Task: {4874F561-3F0C-4D82-B702-DCB6F98145C9} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-01] (Samsung Electronics. Co. Ltd.)
    Task: {4A103370-7D7D-4064-BCCA-4E501EFB2E7B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
    Task: {4AA7604C-1492-4048-8066-94D4B5FD396F} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-11-23] (SAMSUNG Electronics)
    Task: {4DBF7959-6EEE-4DA3-9F21-27013A78D6EB} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
    Task: {4FD73600-E51B-4D86-AE3A-DE1F8CD94C56} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
    Task: {633813FF-730F-43F9-B229-A66FC623561D} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
    Task: {69D57BF3-20F9-4F35-82A8-F432416E7CC6} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe [2010-11-29] (SRS Labs, Inc.)
    Task: {787E014D-1887-43D5-9751-BD346190904B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1688672369-560665978-2355779204-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
    Task: {7B6E5E9E-9C7C-45BB-BF5B-09DBDB21FD3B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
    Task: {7CD4871C-3D25-47C7-9992-81C617B5B5F0} - System32\Tasks\{4987CD19-ED78-4E72-A139-A05168BA820B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.108.259/en/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:offered-installed;madedefault
    Task: {90489BF4-B39D-4AED-B65B-E861CB94257A} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
    Task: {973DBCF1-BA4C-40CD-8185-FBFE398B2716} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
    Task: {9B83498C-4813-4A91-A88D-77A021844A08} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\WSCStub.exe [2016-06-16] (Symantec Corporation)
    Task: {B68AA854-B0CB-441A-8F98-9534C37F5009} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
    Task: {B7B5EDBF-B657-43C1-8C71-C64F4716FAF3} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-06-16] (Symantec Corporation)
    Task: {D67B5332-5918-416C-9352-3C0E19D173C9} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
    Task: {E34B28F8-5496-4249-9257-5A0F71F2B153} - System32\Tasks\{8F8AFA24-6968-4B0E-B881-DC59FF19FE89} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.108.259/en/abandoninstall?source=lightinstaller&page=tsInstall&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:offered-installed;madedefault
    Task: {E9AEB8AF-4CFE-4F11-BB9B-F59A61DC0BC2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1688672369-560665978-2355779204-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
    Task: {F282ABE8-4A50-4C94-87AB-A6C374891AFE} - System32\Tasks\{C74E7A22-C0C5-484A-95D3-7F241230FF5F} => Chrome.exe 
    Task: {F3EE9D4A-0574-470B-8BF2-E7E8299608EA} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-05053A95\EPM.exe
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    Shortcut: C:\Users\owner\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2010-10-19 01:39 - 2010-10-19 01:39 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2010-12-08 23:28 - 2008-06-04 20:53 - 00027648 _____ () C:\Windows\System32\spd__l.dll
    2011-09-11 00:56 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2010-12-08 23:03 - 2009-12-01 04:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2010-12-08 23:29 - 2010-04-20 20:44 - 00719872 _____ () C:\Windows\system32\SnMinDrv.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [{D9F4930F-7904-4D65-A33A-BAFFE317C105}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
    FirewallRules: [{356E77B3-B88B-4BE5-B0BB-CE7837AB1E93}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{6399838E-7692-4761-B399-CD1D2137826B}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    FirewallRules: [{D7E61963-FA8F-45DA-8E73-650D2DC887B6}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    FirewallRules: [{74692072-133F-4DD5-8990-565E9F07E56B}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    FirewallRules: [{4F3AD9A8-B92D-497A-AD6B-3B8F7AFB48CF}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    FirewallRules: [{19E74ECF-6E41-49EE-BBD9-ED7A54D4E907}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{A247DFFB-4726-4862-B679-A9F373E986C9}] => (Allow) LPort=2869
    FirewallRules: [{6C60537F-F519-47AD-BF55-471CE3B3BDC4}] => (Allow) LPort=1900
    FirewallRules: [{5A88F2DE-DDB1-47C1-B825-41EE01FFDC5D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{7D07423A-D7A9-4C32-9D06-3D04FD0FB248}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{4B63CBE7-C174-48D0-A03E-3D37DEBA63C6}] => (Allow) C:\Windows\System32\SUPDSvc.exe
    FirewallRules: [{31D0C7E6-8178-4515-B92B-CC6956532F3E}] => (Allow) C:\Windows\System32\SUPDSvc.exe
    FirewallRules: [{9CF142E5-D927-4FDB-82BA-4877A7C5FD70}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
    FirewallRules: [{6C778C21-83CF-4623-A916-9F26A8173D9E}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
    FirewallRules: [{FCF1541B-5700-4E27-814E-1C890BF9B2C6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
    FirewallRules: [{26E5EA04-EE26-4EE6-A026-4C756431D42D}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
    FirewallRules: [{F3A28B02-60BE-4C57-8521-3BA858961B8B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{AB4DD7BA-ECFF-47A4-B8B6-066F64E9E9D6}C:\program files (x86)\tvuplayer\tvuplayer.exe] => (Allow) C:\program files (x86)\tvuplayer\tvuplayer.exe
    FirewallRules: [UDP Query User{42B95E61-A2BF-408E-8EEF-0F2046FB5517}C:\program files (x86)\tvuplayer\tvuplayer.exe] => (Allow) C:\program files (x86)\tvuplayer\tvuplayer.exe
    FirewallRules: [{EC12289E-A7FF-453C-ADCE-11550C92F10A}] => (Block) C:\program files (x86)\tvuplayer\tvuplayer.exe
    FirewallRules: [{AEA3102E-45DE-4135-89DF-07EEFEC3B88F}] => (Block) C:\program files (x86)\tvuplayer\tvuplayer.exe
    FirewallRules: [TCP Query User{DB720C81-50FC-4DC4-8F27-F1E70437098E}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
    FirewallRules: [UDP Query User{5A010772-07AD-488B-B8D3-93125589342C}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
    FirewallRules: [TCP Query User{8F1ECAFF-3055-40F8-AC66-5A440B203C11}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe
    FirewallRules: [UDP Query User{ECEA9E79-7CED-4370-838F-BCE87A7C9CF0}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe
    FirewallRules: [TCP Query User{EF4CF6D0-6E3A-4F1C-8699-8C2D3471C508}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{A7060047-1407-4CAC-8793-248B740E0B17}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{E702949C-4E7A-4717-B185-8EDB7622C7C4}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
    FirewallRules: [{0E723EAD-DBAA-4E85-8928-D84671CC516C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
    FirewallRules: [{2B489A3D-F684-416F-A7F1-E8AE4C049E75}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{E7A54E51-85CD-4C15-A246-D77ECDCDC7EF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [TCP Query User{C5DAA574-56BD-48F9-A6CF-95030573555C}C:\users\owner\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\owner\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [UDP Query User{5DC41FE8-9CA1-4366-8482-6C922CD5A877}C:\users\owner\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\owner\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [{083FE9C9-E93A-44F4-AEE7-DBA67E8DE3CF}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
    FirewallRules: [{9D33D690-7F39-474E-AFBD-19323FFBC873}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
    FirewallRules: [{B1DF3851-F768-4534-9AEF-A2B106AD3DC9}] => (Allow) C:\Program Files (x86)\Veetle\Player\VeetleNet.exe
    FirewallRules: [{FB1C3512-2122-4DA8-94B4-931359141D82}] => (Allow) C:\Program Files (x86)\Veetle\Player\VeetleNet.exe
    FirewallRules: [TCP Query User{50F2EC1D-D56D-41B0-973F-0585472E4E74}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
    FirewallRules: [UDP Query User{3F4A196D-9463-49CB-9290-80F1BCB8F6E8}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
    FirewallRules: [TCP Query User{88FBD7D4-BF13-4309-8731-25F06BD40702}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe
    FirewallRules: [UDP Query User{D51A6A56-BBC8-444B-8F8E-E1863AE9F803}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe
    FirewallRules: [{AC2A438E-A8CC-4574-A928-445476509C05}] => (Allow) C:\Program Files (x86)\Apowersoft\Screen Recording Suite\Screen Recording Suite.exe
    FirewallRules: [{C26F9CC4-3DFF-4DA3-AE72-FED0BF46CF0F}] => (Allow) C:\Program Files (x86)\Apowersoft\Screen Recording Suite\Screen Recording Suite.exe
    FirewallRules: [{B63EA479-CFC4-40BD-A421-B2996776BC1A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
    FirewallRules: [{24799159-03DF-490B-92DC-02F653FF5D8C}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
    FirewallRules: [{71AC3028-2168-4DF8-BD1B-8E2BFF28B5C6}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
    FirewallRules: [{9BA4104C-2B27-4E8A-AB55-BE174C23DFC6}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
    FirewallRules: [{BD51045B-8276-475F-970C-4CD5D9425126}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
    FirewallRules: [{2052B935-7B7A-4276-AC8C-D74BCB441BE8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
    FirewallRules: [{A12E5495-3ECB-4DE1-9E7B-8F2D5EA46282}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
    FirewallRules: [{FD3FD9ED-BA1E-46E9-8F18-CAB110950FE0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
    FirewallRules: [{4867F77E-9B27-44ED-AE36-5A29D4548DD4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
    FirewallRules: [{7F9605EB-F901-4ADE-8127-E83877FA0F9E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
    FirewallRules: [{22237674-4D9F-40E1-AE98-627758CA0A13}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
    FirewallRules: [{D7A8B3A2-409A-4259-8F00-355A135D6BDF}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
    FirewallRules: [{B0E2CD74-A375-4E03-A340-0C17B7063752}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
    FirewallRules: [{701BEF45-BCAE-427A-BCC3-63BC420938EB}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
    FirewallRules: [{3E26DC3C-E364-477B-A345-FE582D2422F9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Restore Points =========================
     
    17-05-2016 20:14:38 Scheduled Checkpoint
    27-05-2016 19:18:36 Scheduled Checkpoint
    07-08-2016 02:25:46 Norton_Power_Eraser_20160807022536838
    07-08-2016 13:32:28 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (08/07/2016 01:29:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program NS.exe version 13.1.1.19 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 1068
     
    Start Time: 01d1f0c716f6cfd8
     
    Termination Time: 240
     
    Application Path: C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\NS.exe
     
    Report Id: f040a9af-5cbb-11e6-882f-e81132228e8e
     
    Error: (06/28/2016 06:48:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9ab
    Exception code: 0xc0000005
    Fault offset: 0x0000000000011c66
    Faulting process id: 0x1360
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
     
    Error: (06/28/2016 06:45:33 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
    Exception code: 0xc0000008
    Fault offset: 0x000000000000940d
    Faulting process id: 0x6cc
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
     
    Error: (06/27/2016 10:29:27 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NS.exe, version: 13.1.1.19, time stamp: 0x573e3d6e
    Faulting module name: NAHELPER.DLL, version: 6.6.0.45, time stamp: 0x57336585
    Exception code: 0xc0000005
    Fault offset: 0x0000382f
    Faulting process id: 0x694
    Faulting application start time: 0xNS.exe0
    Faulting application path: NS.exe1
    Faulting module path: NS.exe2
    Report Id: NS.exe3
     
    Error: (06/16/2016 10:54:33 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
    Faulting module name: AcroRd32.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ac72081
    Exception code: 0xc000041d
    Fault offset: 0x5c8293b2
    Faulting process id: 0x145c
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
     
    Error: (06/16/2016 10:54:29 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
    Faulting module name: AcroRd32.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ac72081
    Exception code: 0xc0000005
    Fault offset: 0x5c8293b2
    Faulting process id: 0x145c
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
     
    Error: (06/09/2016 03:57:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program ETDCtrl.exe version 8.2.0.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 9dc
     
    Start Time: 01d1c16a19692fa3
     
    Termination Time: 240
     
    Application Path: C:\Program Files\Elantech\ETDCtrl.exe
     
    Report Id: bf5181c1-2ddc-11e6-a37f-e81132228e8e
     
    Error: (05/13/2016 11:58:34 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
    Faulting module name: AcroRd32.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ac72081
    Exception code: 0xc0000005
    Fault offset: 0x5b7693b2
    Faulting process id: 0x1adc
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
     
    Error: (05/08/2016 10:27:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 50.0.2661.94 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: f98
     
    Start Time: 01d1a9735c59bcbf
     
    Termination Time: 129
     
    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    Report Id: 0d12cbac-1585-11e6-b86b-e81132228e8e
     
    Error: (04/11/2016 09:52:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 49.0.2623.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 19e8
     
    Start Time: 01d19455478faee8
     
    Termination Time: 11
     
    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    Report Id: a57cd44e-0048-11e6-8679-e81132228e8e
     
     
    System errors:
    =============
    Error: (08/07/2016 01:13:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
     
    Module Path: C:\Windows\System32\IWMSSvc.dll
     
    Error: (08/07/2016 01:13:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
     
    Module Path: C:\Windows\System32\IWMSSvc.dll
     
    Error: (08/07/2016 01:13:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
     
    Module Path: C:\Windows\System32\IWMSSvc.dll
     
    Error: (08/07/2016 01:13:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
     
    Module Path: C:\Windows\System32\IWMSSvc.dll
     
    Error: (08/07/2016 01:12:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
    %%1056 = An instance of the service is already running.
     
    Error: (08/07/2016 01:12:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel® Management & Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (08/07/2016 01:12:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (08/07/2016 01:12:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (08/07/2016 01:12:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel® PROSet/Wireless Event Log service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (08/07/2016 01:12:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
    Percentage of memory in use: 60%
    Total physical RAM: 3892.56 MB
    Available physical RAM: 1525.4 MB
    Total Virtual: 7783.3 MB
    Available Virtual: 4690.29 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:180 GB) (Free:120.86 GB) NTFS
    Drive d: () (Fixed) (Total:268.5 GB) (Free:252.02 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: F6A2585C)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=180 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=268.5 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=17.2 GB) - (Type=27)
     
    ==================== End of Addition.txt ============================

    #4
    RKinner

      Malware Expert

    I don't see any signs of an infection.  You did have a lot of adware.  Look at the first part of the adwcleaner log and try not to download those programs again.

     

    I want to clean up some deadwood:

     

     
    Download the attached fixlist.txt to the same location as FRST
     
    [attachment=82139:fixlist.txt]
     
    Run FRST and press Fix
    A fix log will be generated; please post that.
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     

    #5
    goiasg

      New Member

    Thank you again. I'm sorry though, namely if this is taking your time but I don't know exactly what I have to do with:

     

    "Download the attached fixlist.txt to the same location as FRST"

     

    I don't know what "the same location" means. I have downloaded the file, I have it in hand so to say. There's the "text" but I just don't quite get what to do with it.


    #6
    RKinner

      Malware Expert

    FRST says: Running from C:\Users\owner\Downloads

     

    So if you have clicked on the fixlist.txt and it opened in Notepad, it will also have been downloaded to the Downloads folder.  Just close Notepad, then right-click on FRST and Run As Admin.  That will start FRST.  Once it comes up just click on FIX.


    #7
    goiasg

      New Member

    Thank you. I did as you said.

     

    I had a message saying "Scan completed FRST.txt is saved in the same directory FRST is located". After OK:

     

    Ran by owner (administrator) on OWNER-PC (07-08-2016 15:31:36)
    Running from C:\Users\owner\Downloads
    Loaded Profiles: owner (Available Profiles: owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 10 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\ns.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\ns.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2581384 2010-08-31] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273544 2011-05-09] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\...\MountPoints2: {bb84e21b-74b7-11e0-b18e-e81132228e8e} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-21]
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-21]
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
    Tcpip\..\Interfaces\{03163D81-0449-469F-AE22-A5B5AB6D604B}: [DhcpNameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{A1D97E98-42C4-4BDF-8890-881896C147BD}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{A1D97E98-42C4-4BDF-8890-881896C147BD}: [DhcpNameServer] 192.168.254.254
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll => No File
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-05-09] (RealPlayer)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
    BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-09-17] ()
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll [No File]
    FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc)
    FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc)
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon
    FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon [2016-06-22]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2016-01-31] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon
     
    Chrome: 
    =======
    CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
    CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-07-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
    CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-21]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-21]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-09]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-08-31] (Red Bend Ltd.) [File not signed]
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-10-19] ()
    R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\NS.exe [289080 2016-06-17] (Symantec Corporation)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
    R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-01] (Intel® Corporation) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20160802.002\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
    R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607000.04C\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-05] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20160805.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation)
    S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-02-15] (Windows ® 2003 DDK 3790 provider)
    R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1607000.04C\SRTSP64.SYS [773368 2016-07-20] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607000.04C\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-21] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607000.04C\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1607000.04C\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation)
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\SDSDefs\20160621.009\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\SDSDefs\20160621.009\EX64.SYS [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-08-07 15:11 - 2016-08-07 15:11 - 00013323 _____ C:\Users\owner\Desktop\FRST64 - Shortcut.lnk
    2016-08-07 15:10 - 2016-08-07 15:10 - 00004828 _____ C:\Users\owner\Downloads\fixlist.txt
    2016-08-07 13:59 - 2016-08-07 13:59 - 00041233 _____ C:\Users\owner\Desktop\Addition.txt
    2016-08-07 13:59 - 2016-08-07 13:59 - 00027615 _____ C:\Users\owner\Desktop\FRST.txt
    2016-08-07 13:52 - 2016-08-07 13:53 - 00041233 _____ C:\Users\owner\Downloads\Addition.txt
    2016-08-07 13:51 - 2016-08-07 15:31 - 00020008 _____ C:\Users\owner\Downloads\FRST.txt
    2016-08-07 13:46 - 2016-08-07 15:31 - 00000000 ____D C:\FRST
    2016-08-07 13:45 - 2016-08-07 13:45 - 02393600 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
    2016-08-07 13:45 - 2016-08-07 13:45 - 01743872 _____ (Farbar) C:\Users\owner\Downloads\FRST.exe
    2016-08-07 13:38 - 2016-08-07 13:38 - 00013851 _____ C:\Users\owner\Desktop\JRT.txt
    2016-08-07 13:30 - 2016-08-07 13:30 - 01610560 _____ (Malwarebytes) C:\Users\owner\Downloads\JRT.exe
    2016-08-07 13:18 - 2016-08-07 13:18 - 00013351 _____ C:\Users\owner\Desktop\AdwCleaner - Shortcut.lnk
    2016-08-07 13:16 - 2016-08-07 13:16 - 00037107 _____ C:\Users\owner\Desktop\AdwCleaner[C1].txt
    2016-08-07 13:09 - 2016-08-07 13:12 - 00000000 ____D C:\AdwCleaner
    2016-08-07 13:07 - 2016-08-07 13:08 - 03712064 _____ C:\Users\owner\Downloads\AdwCleaner.exe
    2016-08-07 04:31 - 2016-08-07 04:31 - 03411640 _____ (Symantec Corporation) C:\Users\owner\Downloads\NPE (2).exe
    2016-08-07 04:27 - 2016-08-07 04:27 - 03411640 _____ (Symantec Corporation) C:\Users\owner\Downloads\NPE (1).exe
    2016-08-07 03:14 - 2016-08-07 04:19 - 904271872 _____ C:\Users\owner\Downloads\nbrt.iso
    2016-08-07 02:57 - 2016-08-07 04:31 - 00264422 _____ C:\Windows\ntbtlog.txt
    2016-08-07 02:52 - 2016-08-07 02:52 - 03411640 _____ (Symantec Corporation) C:\Users\owner\Downloads\NPE (4).exe
    2016-08-07 00:25 - 2016-08-07 00:25 - 03411640 _____ (Symantec Corporation) C:\Users\owner\Downloads\NPE.exe
    2016-08-06 11:32 - 2016-08-06 11:33 - 00037588 _____ C:\Users\owner\Downloads\acorde08.mid
    2016-08-05 15:07 - 2016-08-05 15:07 - 00065328 _____ C:\Users\owner\Downloads\00000000000099798193_00000000400177043268.pdf
    2016-08-05 07:04 - 2016-08-05 07:04 - 00372628 _____ C:\Users\owner\Downloads\Blessings Aug 4.sm (2).pdf
    2016-08-05 07:04 - 2016-08-05 07:04 - 00372628 _____ C:\Users\owner\Downloads\Blessings Aug 4.sm (1).pdf
    2016-08-05 07:03 - 2016-08-05 07:04 - 00372628 _____ C:\Users\owner\Downloads\Blessings Aug 4.sm.pdf
    2016-08-01 13:00 - 2016-08-01 13:00 - 00504464 _____ C:\Users\owner\Downloads\Photos Mary Ellen Orr -Donald Orr.pdf
    2016-07-30 22:48 - 2016-07-30 22:48 - 00291179 _____ C:\Users\owner\Downloads\Blessings July 28.sm (3).pdf
    2016-07-30 22:48 - 2016-07-30 22:48 - 00291179 _____ C:\Users\owner\Downloads\Blessings July 28.sm (2).pdf
    2016-07-30 22:48 - 2016-07-30 22:48 - 00291179 _____ C:\Users\owner\Downloads\Blessings July 28.sm (1).pdf
    2016-07-28 23:20 - 2016-07-28 23:20 - 01613626 _____ C:\Users\owner\Downloads\image1.(null)
    2016-07-23 16:50 - 2016-07-23 16:51 - 05951531 _____ C:\Users\owner\Downloads\SopCast.zip
    2016-07-13 18:02 - 2016-07-13 18:02 - 00033221 _____ C:\Users\owner\Downloads\Ravi Salamon.PDF
    2016-07-11 23:05 - 2016-07-11 23:20 - 75185857 _____ C:\Users\owner\Downloads\Grainne July 2016 (1).m4a
    2016-07-11 23:04 - 2016-07-11 23:17 - 75185857 _____ C:\Users\owner\Downloads\Grainne July 2016.m4a
    2016-07-11 16:16 - 2016-07-11 16:16 - 00218547 _____ C:\Users\owner\Downloads\Foto 13.pdf
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-08-07 15:17 - 2011-04-16 14:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype
    2016-08-07 14:57 - 2012-07-25 02:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-08-07 14:51 - 2016-01-31 09:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-08-07 13:41 - 2015-12-04 06:00 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2016-08-07 13:25 - 2009-07-14 01:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-08-07 13:25 - 2009-07-14 01:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-08-07 13:20 - 2011-07-17 01:36 - 00000000 ____D C:\Users\owner\Desktop\Hegel articles and books
    2016-08-07 13:14 - 2016-01-31 09:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-08-07 13:14 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-08-07 05:47 - 2012-09-11 10:30 - 00000000 ____D C:\Users\owner\AppData\Local\NPE
    2016-08-07 04:27 - 2010-12-08 23:36 - 00000000 ____D C:\ProgramData\Norton
    2016-08-07 04:19 - 2011-10-12 16:00 - 00000000 ____D C:\Users\Public\CyberLink
    2016-08-07 02:58 - 2015-02-13 01:50 - 00000000 ____D C:\NPE
    2016-08-03 06:55 - 2015-03-20 17:24 - 02156544 ___SH C:\Users\owner\Downloads\Thumbs.db
    2016-07-29 06:53 - 2009-07-14 02:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-07-29 06:53 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
    2016-07-28 22:46 - 2016-01-31 09:29 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-07-28 22:46 - 2016-01-31 09:29 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-07-27 22:20 - 2015-04-04 00:03 - 00431616 ___SH C:\Users\owner\Documents\Thumbs.db
    2016-07-24 22:42 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-07-23 13:12 - 2011-07-07 14:15 - 00000000 ____D C:\Users\owner\AppData\Local\Windows Live
    2016-07-14 23:00 - 2012-07-25 02:52 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-07-14 23:00 - 2012-07-25 02:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-07-14 23:00 - 2011-10-18 10:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-07-14 22:58 - 2016-06-18 11:58 - 19527360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2016-07-12 13:57 - 2011-10-18 10:03 - 00000000 ____D C:\Windows\system32\Macromed
    2016-07-12 13:57 - 2010-12-08 22:59 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-07-10 11:02 - 2009-07-14 02:08 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
     
    ==================== Files in the root of some directories =======
     
    2011-04-16 14:08 - 2011-04-16 14:08 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2013-10-27 14:38 - 2013-10-27 14:38 - 0004970 _____ () C:\ProgramData\xgneqrwu.hrx
    2010-12-08 23:06 - 2010-12-08 23:07 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2010-12-08 23:00 - 2010-12-08 23:01 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
    2010-12-08 23:03 - 2010-12-08 23:04 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-12-08 23:01 - 2010-12-08 23:03 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
    2010-12-08 23:04 - 2010-12-08 23:06 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
     
    Some files in TEMP:
    ====================
    C:\Users\owner\AppData\Local\Temp\libeay32.dll
    C:\Users\owner\AppData\Local\Temp\msvcr120.dll
    C:\Users\owner\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\owner\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2016-06-16 10:48
     
    ==================== End of FRST.txt ============================
     
     
    Then I clicked fix and:
     
     
    Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
    Ran by owner (2016-08-07 15:33:41) Run:1
    Running from C:\Users\owner\Downloads
    Loaded Profiles: owner (Available Profiles: owner)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-21]
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-21]
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
    BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll => No File
    FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll [No File]
    CustomCLSID: HKU\S-1-5-21-1688672369-560665978-2355779204-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
    Task: {078811F6-9D0A-4138-9AC5-F6BE859914FE} - System32\Tasks\{4C32912D-677E-4DE7-9EF9-4C0EB0F4F521} => Chrome.exe 
    Task: {E34B28F8-5496-4249-9257-5A0F71F2B153} - System32\Tasks\{8F8AFA24-6968-4B0E-B881-DC59FF19FE89} => Iexplore.exe 
    Task: {E34B28F8-5496-4249-9257-5A0F71F2B153} - System32\Tasks\{8F8AFA24-6968-4B0E-B881-DC59FF19FE89} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.108.259/en/abandoninstall?source=lightinstaller&page=tsInstall&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:offered-installed;madedefault
    Task: {F282ABE8-4A50-4C94-87AB-A6C374891AFE} - System32\Tasks\{C74E7A22-C0C5-484A-95D3-7F241230FF5F} => Chrome.exe 
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
     
     
     
     
     
     
     
    *****************
     
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
    HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
    HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
    HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
    HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => moved successfully
    C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => not found.
    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => not found.
    C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}" => key removed successfully
    "HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer" => key removed successfully
    "HKU\S-1-5-21-1688672369-560665978-2355779204-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{078811F6-9D0A-4138-9AC5-F6BE859914FE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{078811F6-9D0A-4138-9AC5-F6BE859914FE}" => key removed successfully
    C:\Windows\System32\Tasks\{4C32912D-677E-4DE7-9EF9-4C0EB0F4F521} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4C32912D-677E-4DE7-9EF9-4C0EB0F4F521}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E34B28F8-5496-4249-9257-5A0F71F2B153}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E34B28F8-5496-4249-9257-5A0F71F2B153}" => key removed successfully
    C:\Windows\System32\Tasks\{8F8AFA24-6968-4B0E-B881-DC59FF19FE89} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F8AFA24-6968-4B0E-B881-DC59FF19FE89}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E34B28F8-5496-4249-9257-5A0F71F2B153} => key not found. 
    C:\Windows\System32\Tasks\{8F8AFA24-6968-4B0E-B881-DC59FF19FE89} => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F8AFA24-6968-4B0E-B881-DC59FF19FE89} => key not found. 
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F282ABE8-4A50-4C94-87AB-A6C374891AFE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F282ABE8-4A50-4C94-87AB-A6C374891AFE}" => key removed successfully
    C:\Windows\System32\Tasks\{C74E7A22-C0C5-484A-95D3-7F241230FF5F} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C74E7A22-C0C5-484A-95D3-7F241230FF5F}" => key removed successfully
    C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
     
    ========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
     
     
    ========= End ofCMD: =========
     
     
    ==== End of Fixlog 15:34:03 ====


    #8
    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    You pressed the SCAN button instead of the FIX button.  Try again.



    #9
    goiasg

      New Member

    • Topic Starter
    • Member
    • Pip
    • 9 posts

    I clicked scan first and then fix. I think...

     

    When I open FRST now and press fix, it says:

     

    "No fixlist.text found.

    The fixlist should be in the same folder/directory the tool is located."



    #10
    goiasg

      New Member

    • Topic Starter
    • Member
    • Pip
    • 9 posts

    I did it again from the beginning. Maybe this was what you meant. I downloaded the file you sent and clicked fix.

     

    This message showed up:

     

    Fix completed. “Fixlog.text” is saved in the same directory FRST is located.

     

    After clicking Ok, this showed up. Maybe I got it right now?! 

     

     

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
    Ran by owner (2016-08-07 15:58:30) Run:2
    Running from C:\Users\owner\Downloads
    Loaded Profiles: owner (Available Profiles: owner)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-21]
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-21]
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
    BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll => No File
    FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll [No File]
    CustomCLSID: HKU\S-1-5-21-1688672369-560665978-2355779204-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
    Task: {078811F6-9D0A-4138-9AC5-F6BE859914FE} - System32\Tasks\{4C32912D-677E-4DE7-9EF9-4C0EB0F4F521} => Chrome.exe 
    Task: {E34B28F8-5496-4249-9257-5A0F71F2B153} - System32\Tasks\{8F8AFA24-6968-4B0E-B881-DC59FF19FE89} => Iexplore.exe 
    Task: {E34B28F8-5496-4249-9257-5A0F71F2B153} - System32\Tasks\{8F8AFA24-6968-4B0E-B881-DC59FF19FE89} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.108.259/en/abandoninstall?source=lightinstaller&page=tsInstall&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:offered-installed;madedefault
    Task: {F282ABE8-4A50-4C94-87AB-A6C374891AFE} - System32\Tasks\{C74E7A22-C0C5-484A-95D3-7F241230FF5F} => Chrome.exe 
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
     
     
     
     
     
     
     
    *****************
     
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key not found. 
    HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key not found. 
    HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key not found. 
    HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => key not found. 
    HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => not found.
    C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => not found.
    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => not found.
    C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} => key not found. 
    HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} => key not found. 
    HKLM\Software\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer => key not found. 
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{078811F6-9D0A-4138-9AC5-F6BE859914FE} => key not found. 
    C:\Windows\System32\Tasks\{4C32912D-677E-4DE7-9EF9-4C0EB0F4F521} => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4C32912D-677E-4DE7-9EF9-4C0EB0F4F521} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E34B28F8-5496-4249-9257-5A0F71F2B153} => key not found. 
    C:\Windows\System32\Tasks\{8F8AFA24-6968-4B0E-B881-DC59FF19FE89} => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F8AFA24-6968-4B0E-B881-DC59FF19FE89} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E34B28F8-5496-4249-9257-5A0F71F2B153} => key not found. 
    C:\Windows\System32\Tasks\{8F8AFA24-6968-4B0E-B881-DC59FF19FE89} => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F8AFA24-6968-4B0E-B881-DC59FF19FE89} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F282ABE8-4A50-4C94-87AB-A6C374891AFE} => key not found. 
    C:\Windows\System32\Tasks\{C74E7A22-C0C5-484A-95D3-7F241230FF5F} => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C74E7A22-C0C5-484A-95D3-7F241230FF5F} => key not found. 
    C:\Windows\Tasks\Adobe Flash Player Updater.job => not found.
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => not found.
    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => not found.
     
    ========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
     
     
    ========= End ofCMD: =========
     
     
    ==== End of Fixlog 15:58:48 ====


    #11
    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    That's right.  Can you run FRST again and check the Addition.txt box and then the SCAN button. You will get two logs.  Post them both.



    #12
    goiasg

      New Member

    • Topic Starter
    • Member
    • Pip
    • 9 posts

    Thank you. Did it. Here are the logs:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
    Ran by owner (administrator) on OWNER-PC (07-08-2016 16:18:14)
    Running from C:\Users\owner\Downloads
    Loaded Profiles: owner (Available Profiles: owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 10 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\ns.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\ns.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2581384 2010-08-31] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273544 2011-05-09] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\...\MountPoints2: {bb84e21b-74b7-11e0-b18e-e81132228e8e} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
    Tcpip\..\Interfaces\{03163D81-0449-469F-AE22-A5B5AB6D604B}: [DhcpNameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{A1D97E98-42C4-4BDF-8890-881896C147BD}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{A1D97E98-42C4-4BDF-8890-881896C147BD}: [DhcpNameServer] 192.168.254.254
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-05-09] (RealPlayer)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
    BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-09-17] ()
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2011-05-09] (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc)
    FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc)
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon
    FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon [2016-06-22]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2016-01-31] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon
     
    Chrome: 
    =======
    CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
    CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-07-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
    CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-21]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-21]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-09]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-08-31] (Red Bend Ltd.) [File not signed]
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-10-19] ()
    R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\NS.exe [289080 2016-06-17] (Symantec Corporation)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
    R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-01] (Intel® Corporation) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20160802.002\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
    R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607000.04C\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-05] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20160805.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation)
    S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-02-15] (Windows ® 2003 DDK 3790 provider)
    R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1607000.04C\SRTSP64.SYS [773368 2016-07-20] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607000.04C\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-21] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607000.04C\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1607000.04C\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation)
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\SDSDefs\20160621.009\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\SDSDefs\20160621.009\EX64.SYS [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-08-07 15:45 - 2016-08-07 15:45 - 00013265 _____ C:\Users\owner\Desktop\Logs malware - Shortcut.lnk
    2016-08-07 15:45 - 2016-08-07 15:45 - 00013265 _____ C:\Users\owner\Desktop\Logs malware - Shortcut (2).lnk
    2016-08-07 15:44 - 2016-08-07 15:46 - 00000000 ____D C:\Users\owner\Documents\Logs malware
    2016-08-07 15:44 - 2016-08-07 15:44 - 00013561 _____ C:\Users\owner\Desktop\JRT - Shortcut.lnk
    2016-08-07 15:40 - 2016-08-07 15:40 - 00028823 _____ C:\Users\owner\Downloads\FRST LOG.txt
    2016-08-07 15:33 - 2016-08-07 15:58 - 00006018 _____ C:\Users\owner\Downloads\Fixlog.txt
    2016-08-07 15:11 - 2016-08-07 15:11 - 00013323 _____ C:\Users\owner\Desktop\FRST64 - Shortcut.lnk
    2016-08-07 13:52 - 2016-08-07 13:53 - 00041233 _____ C:\Users\owner\Downloads\Addition.txt
    2016-08-07 13:51 - 2016-08-07 16:18 - 00018456 _____ C:\Users\owner\Downloads\FRST.txt
    2016-08-07 13:46 - 2016-08-07 16:18 - 00000000 ____D C:\FRST
    2016-08-07 13:45 - 2016-08-07 13:45 - 02393600 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
    2016-08-07 13:45 - 2016-08-07 13:45 - 01743872 _____ (Farbar) C:\Users\owner\Downloads\FRST.exe
    2016-08-07 13:30 - 2016-08-07 13:30 - 01610560 _____ (Malwarebytes) C:\Users\owner\Downloads\JRT.exe
    2016-08-07 13:18 - 2016-08-07 13:18 - 00013351 _____ C:\Users\owner\Desktop\AdwCleaner - Shortcut.lnk
    2016-08-07 13:09 - 2016-08-07 13:12 - 00000000 ____D C:\AdwCleaner
    2016-08-07 13:07 - 2016-08-07 13:08 - 03712064 _____ C:\Users\owner\Downloads\AdwCleaner.exe
    2016-08-07 04:31 - 2016-08-07 04:31 - 03411640 _____ (Symantec Corporation) C:\Users\owner\Downloads\NPE (2).exe
    2016-08-07 04:27 - 2016-08-07 04:27 - 03411640 _____ (Symantec Corporation) C:\Users\owner\Downloads\NPE (1).exe
    2016-08-07 03:14 - 2016-08-07 04:19 - 904271872 _____ C:\Users\owner\Downloads\nbrt.iso
    2016-08-07 02:57 - 2016-08-07 04:31 - 00264422 _____ C:\Windows\ntbtlog.txt
    2016-08-07 02:52 - 2016-08-07 02:52 - 03411640 _____ (Symantec Corporation) C:\Users\owner\Downloads\NPE (4).exe
    2016-08-07 00:25 - 2016-08-07 00:25 - 03411640 _____ (Symantec Corporation) C:\Users\owner\Downloads\NPE.exe
    2016-08-06 11:32 - 2016-08-06 11:33 - 00037588 _____ C:\Users\owner\Downloads\acorde08.mid
    2016-08-05 15:07 - 2016-08-05 15:07 - 00065328 _____ C:\Users\owner\Downloads\00000000000099798193_00000000400177043268.pdf
    2016-08-05 07:04 - 2016-08-05 07:04 - 00372628 _____ C:\Users\owner\Downloads\Blessings Aug 4.sm (2).pdf
    2016-08-05 07:04 - 2016-08-05 07:04 - 00372628 _____ C:\Users\owner\Downloads\Blessings Aug 4.sm (1).pdf
    2016-08-05 07:03 - 2016-08-05 07:04 - 00372628 _____ C:\Users\owner\Downloads\Blessings Aug 4.sm.pdf
    2016-08-01 13:00 - 2016-08-01 13:00 - 00504464 _____ C:\Users\owner\Downloads\Photos Mary Ellen Orr -Donald Orr.pdf
    2016-07-30 22:48 - 2016-07-30 22:48 - 00291179 _____ C:\Users\owner\Downloads\Blessings July 28.sm (3).pdf
    2016-07-30 22:48 - 2016-07-30 22:48 - 00291179 _____ C:\Users\owner\Downloads\Blessings July 28.sm (2).pdf
    2016-07-30 22:48 - 2016-07-30 22:48 - 00291179 _____ C:\Users\owner\Downloads\Blessings July 28.sm (1).pdf
    2016-07-28 23:20 - 2016-07-28 23:20 - 01613626 _____ C:\Users\owner\Downloads\image1.(null)
    2016-07-23 16:50 - 2016-07-23 16:51 - 05951531 _____ C:\Users\owner\Downloads\SopCast.zip
    2016-07-13 18:02 - 2016-07-13 18:02 - 00033221 _____ C:\Users\owner\Downloads\Ravi Salamon.PDF
    2016-07-11 23:05 - 2016-07-11 23:20 - 75185857 _____ C:\Users\owner\Downloads\Grainne July 2016 (1).m4a
    2016-07-11 23:04 - 2016-07-11 23:17 - 75185857 _____ C:\Users\owner\Downloads\Grainne July 2016.m4a
    2016-07-11 16:16 - 2016-07-11 16:16 - 00218547 _____ C:\Users\owner\Downloads\Foto 13.pdf
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-08-07 16:17 - 2011-04-16 14:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype
    2016-08-07 13:41 - 2015-12-04 06:00 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2016-08-07 13:25 - 2009-07-14 01:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-08-07 13:25 - 2009-07-14 01:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-08-07 13:20 - 2011-07-17 01:36 - 00000000 ____D C:\Users\owner\Desktop\Hegel articles and books
    2016-08-07 13:14 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-08-07 05:47 - 2012-09-11 10:30 - 00000000 ____D C:\Users\owner\AppData\Local\NPE
    2016-08-07 04:27 - 2010-12-08 23:36 - 00000000 ____D C:\ProgramData\Norton
    2016-08-07 04:19 - 2011-10-12 16:00 - 00000000 ____D C:\Users\Public\CyberLink
    2016-08-07 02:58 - 2015-02-13 01:50 - 00000000 ____D C:\NPE
    2016-08-03 06:55 - 2015-03-20 17:24 - 02156544 ___SH C:\Users\owner\Downloads\Thumbs.db
    2016-07-29 06:53 - 2009-07-14 02:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-07-29 06:53 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
    2016-07-28 22:46 - 2016-01-31 09:29 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-07-28 22:46 - 2016-01-31 09:29 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-07-27 22:20 - 2015-04-04 00:03 - 00431616 ___SH C:\Users\owner\Documents\Thumbs.db
    2016-07-24 22:42 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-07-23 13:12 - 2011-07-07 14:15 - 00000000 ____D C:\Users\owner\AppData\Local\Windows Live
    2016-07-14 23:00 - 2012-07-25 02:52 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-07-14 23:00 - 2012-07-25 02:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-07-14 23:00 - 2011-10-18 10:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-07-14 22:58 - 2016-06-18 11:58 - 19527360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2016-07-12 13:57 - 2011-10-18 10:03 - 00000000 ____D C:\Windows\system32\Macromed
    2016-07-12 13:57 - 2010-12-08 22:59 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-07-10 11:02 - 2009-07-14 02:08 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
     
    ==================== Files in the root of some directories =======
     
    2011-04-16 14:08 - 2011-04-16 14:08 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2013-10-27 14:38 - 2013-10-27 14:38 - 0004970 _____ () C:\ProgramData\xgneqrwu.hrx
    2010-12-08 23:06 - 2010-12-08 23:07 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2010-12-08 23:00 - 2010-12-08 23:01 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
    2010-12-08 23:03 - 2010-12-08 23:04 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-12-08 23:01 - 2010-12-08 23:03 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
    2010-12-08 23:04 - 2010-12-08 23:06 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
     
    Some files in TEMP:
    ====================
    C:\Users\owner\AppData\Local\Temp\libeay32.dll
    C:\Users\owner\AppData\Local\Temp\msvcr120.dll
    C:\Users\owner\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\owner\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2016-06-16 10:48
     
    ==================== End of FRST.txt ============================
     
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
    Ran by owner (2016-08-07 16:18:51)
    Running from C:\Users\owner\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2011-03-20 11:31:04)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1688672369-560665978-2355779204-500 - Administrator - Disabled)
    Guest (S-1-5-21-1688672369-560665978-2355779204-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1688672369-560665978-2355779204-1002 - Limited - Enabled)
    owner (S-1-5-21-1688672369-560665978-2355779204-1000 - Administrator - Enabled) => C:\Users\owner
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    „Messenger“ pagalbinė priemonė (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    „Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
    „Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
    „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
    BatteryLifeExtender (HKLM-x32\...\{EA257ECF-5F72-4461-B890-959394DCD087}) (Version: 1.0.10 - Samsung)
    Best Buy pc app (HKU\S-1-5-21-1688672369-560665978-2355779204-1000\...\48e4cff94f039634) (Version: 3.0.0.0 - Best Buy)
    Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
    Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
    CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
    CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.05 - NCH Software)
    Doplnok programu Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
    Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
    Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0.0.5 - Samsung Electronics Co., Ltd.)
    Easy Network Manager (HKLM-x32\...\{FCF2085E-ABE5-4AA8-B07C-65BBD56DA243}) (Version: 4.4.6 - Samsung)
    Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
    EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
    EasyFileShare (HKLM-x32\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
    EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
    ETDWare PS/2-X64 8.0.7.1_WHQL (HKLM\...\Elantech) (Version: 8.0.7.1 - ELAN Microelectronic Corp.)
    Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
    Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.21.149 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
    HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{860B418B-F90B-465A-BC1D-04B518045C72}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
    HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
    Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}) (Version: 13.04.0000 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
    Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
    Intel® Wireless Display (HKLM-x32\...\{34F98478-05CB-4A3A-B6F4-DA529ED8FA57}) (Version: 1.3.9.0 - Intel Corporation)
    Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.2000 - Intel Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Assistent (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger kísérő (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger Pratilac (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger Suradnik (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger 사이트 공유 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger 浏览器插件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Messenger-kumppani (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Norton Security (HKLM-x32\...\NS) (Version: 22.7.0.76 - Symantec Corporation)
    Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version:  - RealNetworks)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.33.1125.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.21.0 - Samsung Electronics Co., Ltd.)
    Samsung AnyWeb Print (x32 Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.8 - Samsung)
    Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.21 - Samsung)
    Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
    Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.1.0 - Samsung Electronics Co., Ltd.)
    Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
    Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
    Spremljevalec Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.10.1000 - SRS Labs, Inc.)
    User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
    Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Помощник на Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
    Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {09DEF735-61BA-4EC5-B0A1-3C76B19984AA} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
    Task: {1C0F6894-CA36-4D29-9BE0-4B1409FDD104} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
    Task: {24FE869C-C8FF-42B8-8904-C3D8A1403B17} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
    Task: {38A33F0D-1425-4CE4-BC79-882B2679C4FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
    Task: {456CC32D-874C-41DC-8879-247C7DEA87CE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
    Task: {4599B47D-BCA3-459E-91DA-1C21919B8F7A} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-26] (Samsung Electronics)
    Task: {4874F561-3F0C-4D82-B702-DCB6F98145C9} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-01] (Samsung Electronics. Co. Ltd.)
    Task: {4A103370-7D7D-4064-BCCA-4E501EFB2E7B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
    Task: {4AA7604C-1492-4048-8066-94D4B5FD396F} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-11-23] (SAMSUNG Electronics)
    Task: {4DBF7959-6EEE-4DA3-9F21-27013A78D6EB} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
    Task: {4FD73600-E51B-4D86-AE3A-DE1F8CD94C56} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
    Task: {633813FF-730F-43F9-B229-A66FC623561D} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
    Task: {69D57BF3-20F9-4F35-82A8-F432416E7CC6} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe [2010-11-29] (SRS Labs, Inc.)
    Task: {787E014D-1887-43D5-9751-BD346190904B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1688672369-560665978-2355779204-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
    Task: {7B6E5E9E-9C7C-45BB-BF5B-09DBDB21FD3B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
    Task: {7CD4871C-3D25-47C7-9992-81C617B5B5F0} - System32\Tasks\{4987CD19-ED78-4E72-A139-A05168BA820B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.108.259/en/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:offered-installed;madedefault
    Task: {90489BF4-B39D-4AED-B65B-E861CB94257A} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
    Task: {973DBCF1-BA4C-40CD-8185-FBFE398B2716} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
    Task: {9B83498C-4813-4A91-A88D-77A021844A08} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\WSCStub.exe [2016-06-16] (Symantec Corporation)
    Task: {B68AA854-B0CB-441A-8F98-9534C37F5009} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
    Task: {B7B5EDBF-B657-43C1-8C71-C64F4716FAF3} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-06-16] (Symantec Corporation)
    Task: {D67B5332-5918-416C-9352-3C0E19D173C9} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
    Task: {E9AEB8AF-4CFE-4F11-BB9B-F59A61DC0BC2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1688672369-560665978-2355779204-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
    Task: {F3EE9D4A-0574-470B-8BF2-E7E8299608EA} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-05053A95\EPM.exe
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    Shortcut: C:\Users\owner\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2010-10-19 01:39 - 2010-10-19 01:39 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2010-12-08 23:28 - 2008-06-04 20:53 - 00027648 _____ () C:\Windows\System32\spd__l.dll
    2011-09-11 00:56 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2010-12-08 23:03 - 2009-12-01 04:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2010-12-08 23:29 - 2010-04-20 20:44 - 00719872 _____ () C:\Windows\system32\SnMinDrv.dll
    2016-06-17 23:10 - 2016-06-15 06:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
    2016-06-17 23:10 - 2016-06-15 06:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1688672369-560665978-2355779204-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [{D9F4930F-7904-4D65-A33A-BAFFE317C105}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
    FirewallRules: [{356E77B3-B88B-4BE5-B0BB-CE7837AB1E93}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{6399838E-7692-4761-B399-CD1D2137826B}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    FirewallRules: [{D7E61963-FA8F-45DA-8E73-650D2DC887B6}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    FirewallRules: [{74692072-133F-4DD5-8990-565E9F07E56B}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    FirewallRules: [{4F3AD9A8-B92D-497A-AD6B-3B8F7AFB48CF}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    FirewallRules: [{19E74ECF-6E41-49EE-BBD9-ED7A54D4E907}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{A247DFFB-4726-4862-B679-A9F373E986C9}] => (Allow) LPort=2869
    FirewallRules: [{6C60537F-F519-47AD-BF55-471CE3B3BDC4}] => (Allow) LPort=1900
    FirewallRules: [{5A88F2DE-DDB1-47C1-B825-41EE01FFDC5D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{7D07423A-D7A9-4C32-9D06-3D04FD0FB248}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{4B63CBE7-C174-48D0-A03E-3D37DEBA63C6}] => (Allow) C:\Windows\System32\SUPDSvc.exe
    FirewallRules: [{31D0C7E6-8178-4515-B92B-CC6956532F3E}] => (Allow) C:\Windows\System32\SUPDSvc.exe
    FirewallRules: [{9CF142E5-D927-4FDB-82BA-4877A7C5FD70}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
    FirewallRules: [{6C778C21-83CF-4623-A916-9F26A8173D9E}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
    FirewallRules: [{FCF1541B-5700-4E27-814E-1C890BF9B2C6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
    FirewallRules: [{26E5EA04-EE26-4EE6-A026-4C756431D42D}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
    FirewallRules: [{F3A28B02-60BE-4C57-8521-3BA858961B8B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{AB4DD7BA-ECFF-47A4-B8B6-066F64E9E9D6}C:\program files (x86)\tvuplayer\tvuplayer.exe] => (Allow) C:\program files (x86)\tvuplayer\tvuplayer.exe
    FirewallRules: [UDP Query User{42B95E61-A2BF-408E-8EEF-0F2046FB5517}C:\program files (x86)\tvuplayer\tvuplayer.exe] => (Allow) C:\program files (x86)\tvuplayer\tvuplayer.exe
    FirewallRules: [{EC12289E-A7FF-453C-ADCE-11550C92F10A}] => (Block) C:\program files (x86)\tvuplayer\tvuplayer.exe
    FirewallRules: [{AEA3102E-45DE-4135-89DF-07EEFEC3B88F}] => (Block) C:\program files (x86)\tvuplayer\tvuplayer.exe
    FirewallRules: [TCP Query User{DB720C81-50FC-4DC4-8F27-F1E70437098E}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
    FirewallRules: [UDP Query User{5A010772-07AD-488B-B8D3-93125589342C}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
    FirewallRules: [TCP Query User{8F1ECAFF-3055-40F8-AC66-5A440B203C11}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe
    FirewallRules: [UDP Query User{ECEA9E79-7CED-4370-838F-BCE87A7C9CF0}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe
    FirewallRules: [TCP Query User{EF4CF6D0-6E3A-4F1C-8699-8C2D3471C508}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{A7060047-1407-4CAC-8793-248B740E0B17}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{E702949C-4E7A-4717-B185-8EDB7622C7C4}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
    FirewallRules: [{0E723EAD-DBAA-4E85-8928-D84671CC516C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
    FirewallRules: [{2B489A3D-F684-416F-A7F1-E8AE4C049E75}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{E7A54E51-85CD-4C15-A246-D77ECDCDC7EF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [TCP Query User{C5DAA574-56BD-48F9-A6CF-95030573555C}C:\users\owner\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\owner\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [UDP Query User{5DC41FE8-9CA1-4366-8482-6C922CD5A877}C:\users\owner\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\owner\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [{083FE9C9-E93A-44F4-AEE7-DBA67E8DE3CF}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
    FirewallRules: [{9D33D690-7F39-474E-AFBD-19323FFBC873}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
    FirewallRules: [{B1DF3851-F768-4534-9AEF-A2B106AD3DC9}] => (Allow) C:\Program Files (x86)\Veetle\Player\VeetleNet.exe
    FirewallRules: [{FB1C3512-2122-4DA8-94B4-931359141D82}] => (Allow) C:\Program Files (x86)\Veetle\Player\VeetleNet.exe
    FirewallRules: [TCP Query User{50F2EC1D-D56D-41B0-973F-0585472E4E74}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
    FirewallRules: [UDP Query User{3F4A196D-9463-49CB-9290-80F1BCB8F6E8}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
    FirewallRules: [TCP Query User{88FBD7D4-BF13-4309-8731-25F06BD40702}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe
    FirewallRules: [UDP Query User{D51A6A56-BBC8-444B-8F8E-E1863AE9F803}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe
    FirewallRules: [{AC2A438E-A8CC-4574-A928-445476509C05}] => (Allow) C:\Program Files (x86)\Apowersoft\Screen Recording Suite\Screen Recording Suite.exe
    FirewallRules: [{C26F9CC4-3DFF-4DA3-AE72-FED0BF46CF0F}] => (Allow) C:\Program Files (x86)\Apowersoft\Screen Recording Suite\Screen Recording Suite.exe
    FirewallRules: [{B63EA479-CFC4-40BD-A421-B2996776BC1A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
    FirewallRules: [{24799159-03DF-490B-92DC-02F653FF5D8C}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
    FirewallRules: [{71AC3028-2168-4DF8-BD1B-8E2BFF28B5C6}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
    FirewallRules: [{9BA4104C-2B27-4E8A-AB55-BE174C23DFC6}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
    FirewallRules: [{BD51045B-8276-475F-970C-4CD5D9425126}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
    FirewallRules: [{2052B935-7B7A-4276-AC8C-D74BCB441BE8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
    FirewallRules: [{A12E5495-3ECB-4DE1-9E7B-8F2D5EA46282}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
    FirewallRules: [{FD3FD9ED-BA1E-46E9-8F18-CAB110950FE0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
    FirewallRules: [{4867F77E-9B27-44ED-AE36-5A29D4548DD4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
    FirewallRules: [{7F9605EB-F901-4ADE-8127-E83877FA0F9E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
    FirewallRules: [{22237674-4D9F-40E1-AE98-627758CA0A13}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
    FirewallRules: [{D7A8B3A2-409A-4259-8F00-355A135D6BDF}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
    FirewallRules: [{B0E2CD74-A375-4E03-A340-0C17B7063752}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
    FirewallRules: [{701BEF45-BCAE-427A-BCC3-63BC420938EB}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
    FirewallRules: [{3E26DC3C-E364-477B-A345-FE582D2422F9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Restore Points =========================
     
    17-05-2016 20:14:38 Scheduled Checkpoint
    27-05-2016 19:18:36 Scheduled Checkpoint
    07-08-2016 02:25:46 Norton_Power_Eraser_20160807022536838
    07-08-2016 13:32:28 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
    Percentage of memory in use: 40%
    Total physical RAM: 3892.56 MB
    Available physical RAM: 2333.55 MB
    Total Virtual: 7783.3 MB
    Available Virtual: 4479.75 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:180 GB) (Free:120.83 GB) NTFS
    Drive d: () (Fixed) (Total:268.5 GB) (Free:252.02 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: F6A2585C)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=180 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=268.5 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=17.2 GB) - (Type=27)
     
    ==================== End of Addition.txt ============================

    • 0

    #13
    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    Looks good.

     

    I would uninstall Skype Click to Call.  It's that obnoxious program that turns random 10 digit numbers in your browser into telephone links.  I doubt you need it and uninstalling it will not hurt Skype.

     

    If there are no other problems we can clean up:

     

    We usually clean up with Delfix.  This removes our tools and their logs and quarantines and also removes all but the latest System Restore point so there is no chance of the malware coming back with a system restore. Delfix has been a tad too aggressive recently and seems to dislike pdf files in the Downloads folder so if you have any you should move them to a different folder before running Delfix.

     
    Ensure Remove disinfection tools is ticked
    Also tick:
    Create registry backup
    Purge system restore
     
    Click Run
    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply
     
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. (Your Adobe Reader is out of date)  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
     
    Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.
     
     
    If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    Last time I downloaded it you had to give them your IP address and they would send you the link to download it.  When it ran it asked if you were sure your PC was clean then it would try to allow everything on your PC to continue running.  The free version does not update on its own so you should check for updated versions once in a while.  If you have problems after installing CryptoPrevent you can just uninstall it.
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
     
    My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm
    (The name means something like "clean place" in one of the local native-American dialects)
     
    Ron

    • 0

    #14
    goiasg

      New Member

    • Topic Starter
    • Member
    • Pip
    • 9 posts

    Thank you. Here's the log.

     

    # DelFix v1.013 - Logfile created 07/08/2016 at 16:46:58
    # Updated 17/04/2016 by Xplode
    # Username : owner - OWNER-PC
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     
    ~ Removing disinfection tools ...
     
    Deleted : C:\FRST
    Deleted : C:\AdwCleaner
    Deleted : C:\Users\owner\Desktop\AdwCleaner - Shortcut.lnk
    Deleted : C:\Users\owner\Desktop\FRST64 - Shortcut.lnk
    Deleted : C:\Users\owner\Desktop\JRT - Shortcut.lnk
    Deleted : C:\Users\owner\Downloads\Addition.txt
    Deleted : C:\Users\owner\Downloads\AdwCleaner.exe
    Deleted : C:\Users\owner\Downloads\Fixlog.txt
    Deleted : C:\Users\owner\Downloads\FRST LOG.txt
    Deleted : C:\Users\owner\Downloads\FRST.exe
    Deleted : C:\Users\owner\Downloads\FRST.txt
    Deleted : C:\Users\owner\Downloads\FRST64.exe
    Deleted : C:\Users\owner\Downloads\JRT.exe
     
    ~ Creating registry backup ... OK
     
    ~ Cleaning system restore ...
     
    Deleted : RP #280 [Scheduled Checkpoint | 05/17/2016 23:14:38]
    Deleted : RP #281 [Scheduled Checkpoint | 05/27/2016 22:18:36]
    Deleted : RP #282 [Norton_Power_Eraser_20160807022536838 | 08/07/2016 05:25:46]
    Deleted : RP #283 [JRT Pre-Junkware Removal | 08/07/2016 16:32:28]
    Deleted : RP #284 [Removed Skype Click to Call | 08/07/2016 19:39:33]
     
    New restore point created !
     
    ########## - EOF - ##########

    • 0

    #15
    goiasg

      New Member

    • Topic Starter
    • Member
    • Pip
    • 9 posts

    Thank you very much for your help. I applied your recommendations. 

     

    I'll make a donation to kwiaht.org/

     

    Have a good day.


    • 0





