possible malware

malware internet browser freezes

  • This topic is locked

#31
Lucky Dearly

  • Topic Starter
  • Member
  • 349 posts

Okay, it's scanning now and I shouldn't have a problem. I'll have the log posted as soon as it's done.

 

Edit: here's the log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/22/2016 Saturday
Scan Time: 6:31 PM
Logfile: malaware bytes.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.23.01
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: mewtw_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 611610
Time Elapsed: 1 hr, 14 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Tracker, C:\Windows\cSysSecure\16.9.17.5\SYSSECURE.EXE, 9964, Delete-on-Reboot, [6736019b6e2c7cba5b77e131f312946c]

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.Tracker, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cSysSecure, Quarantined, [6736019b6e2c7cba5b77e131f312946c],
PUP.Optional.Spigot, HKU\S-1-5-21-3857839104-3952859072-2417217460-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{44C99D24-BD18-450A-B8FA-944531ABD7C1}, Quarantined, [663707956931ef47c854c1f5c63dbc44],
PUP.Optional.HahoMedia, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D33EE6BB-0935-41D0-BD3A-7D513D881A43}_is1, Quarantined, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinDivert1.1, Quarantined, [188509932e6cfe388331a573dd28cf31],

Registry Values: 1
PUP.Optional.Spigot, HKU\S-1-5-21-3857839104-3952859072-2417217460-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{44C99D24-BD18-450A-B8FA-944531ABD7C1}|URL, https://search.yahoo...&p={searchTerms}, Quarantined, [663707956931ef47c854c1f5c63dbc44]

Registry Data: 1
PUP.Optional.Spigot, HKU\S-1-5-21-3857839104-3952859072-2417217460-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://search.yahoo...r=spigot-yhp-ie, Good: (www.google.com), Bad: (https://search.yahoo...c385622cc38c53b]

Folders: 2
PUP.Optional.HahoMedia, C:\Windows\cSysSecure, Delete-on-Reboot, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5, Delete-on-Reboot, [188509932e6cfe388331a573dd28cf31],

Files: 14
PUP.Optional.Tracker, C:\Windows\cSysSecure\16.9.17.5\SYSSECURE.EXE, Delete-on-Reboot, [6736019b6e2c7cba5b77e131f312946c],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5\2016_10_22_12_56_6_Log.txt, Quarantined, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5\2016_10_22_17_57_55_Log.txt, Delete-on-Reboot, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5\2016_10_22_9_42_34_Log.txt, Quarantined, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5\InjLogData.LogData, Quarantined, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5\msvcr110.dll, Delete-on-Reboot, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5\SysSecure.exe.config, Quarantined, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5\SysUtil64.dll, Delete-on-Reboot, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5\SysUtil64.dll.config, Quarantined, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5\unins000.dat, Quarantined, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5\unins000.exe, Quarantined, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5\Util.dll, Delete-on-Reboot, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5\WinDivert.dll, Delete-on-Reboot, [188509932e6cfe388331a573dd28cf31],
PUP.Optional.HahoMedia, C:\Windows\cSysSecure\16.9.17.5\WinDivert64.sys, Delete-on-Reboot, [188509932e6cfe388331a573dd28cf31],

Physical Sectors: 0
(No malicious items detected)

(end)


Edited by Lucky Dearly, 22 October 2016 - 09:05 PM.



#32
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Please uninstall this program from your uninstall list.
cSysSecure version 16.9.17.5

Next
Run rkill again
Then run this fix below

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
() C:\Windows\SysWOW64\DiscCleaner\161081\DiscCleaner.exe
R2 xBooster; C:\WINDOWS\xBooster\161081\xBooster.exe [12288 2016-10-08] () [File not signed]
() C:\Windows\xBooster\161081\xBooster.exe
C:\WINDOWS\xBooster
() C:\Windows\cSysSecure\16.9.17.5\SysSecure.exe
C:\WINDOWS\cSysSecure
2016-10-22 12:55 - 2016-09-17 16:42 - 00036864 _____ () C:\WINDOWS\cSysSecure\16.9.17.5\SysUtil64.dll
2016-10-22 12:55 - 2015-07-28 22:05 - 00021504 _____ () C:\WINDOWS\cSysSecure\16.9.17.5\WinDivert.dll
R3 cSysSecure; C:\WINDOWS\cSysSecure\16.9.17.5\SysSecure.exe [10752 2016-09-17] () [File not signed]
C:\WINDOWS\SysWOW64\DiscCleaner
S1 HWiNFO32; \??\C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [X]
2016-10-21 14:42 - 2016-10-21 18:49 - 00000000 ____D C:\ProgramData\ProductData
Task: {CEE431F3-6381-46CA-B367-986A645A6532} - \ASC9_SkipUac_mario -> No File <==== ATTENTION
Emptytemp:

  • Click Format and ensure Word Wrap is unchecked.
  • Save as Fixlist.txt to your Desktop (must be in this location).
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

Post the fix log
Run Malwarebytes again

#33
Lucky Dearly

  • Topic Starter
  • Member
  • 349 posts

Okay, I didn't see csyssecure in my uninstall list, though I did run the fix. Here's the log.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by mewtw_000 (23-10-2016 15:31:08) Run:2
Running from C:\Users\mewtw_000\Desktop
Loaded Profiles: mewtw_000 (Available Profiles: mario & mewtw_000 & veronica & alex)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
() C:\Windows\SysWOW64\DiscCleaner\161081\DiscCleaner.exe
R2 xBooster; C:\WINDOWS\xBooster\161081\xBooster.exe [12288 2016-10-08] () [File not signed]
() C:\Windows\xBooster\161081\xBooster.exe
C:\WINDOWS\xBooster
() C:\Windows\cSysSecure\16.9.17.5\SysSecure.exe
C:\WINDOWS\cSysSecure
2016-10-22 12:55 - 2016-09-17 16:42 - 00036864 _____ () C:\WINDOWS\cSysSecure\16.9.17.5\SysUtil64.dll
2016-10-22 12:55 - 2015-07-28 22:05 - 00021504 _____ () C:\WINDOWS\cSysSecure\16.9.17.5\WinDivert.dll
R3 cSysSecure; C:\WINDOWS\cSysSecure\16.9.17.5\SysSecure.exe [10752 2016-09-17] () [File not signed]
C:\WINDOWS\SysWOW64\DiscCleaner
S1 HWiNFO32; \??\C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [X]
2016-10-21 14:42 - 2016-10-21 18:49 - 00000000 ____D C:\ProgramData\ProductData
Task: {CEE431F3-6381-46CA-B367-986A645A6532} - \ASC9_SkipUac_mario -> No File <==== ATTENTION
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Windows\SysWOW64\DiscCleaner\161081\DiscCleaner.exe => No running process found
xBooster => service removed successfully
C:\Windows\xBooster\161081\xBooster.exe => No running process found
C:\WINDOWS\xBooster => moved successfully
C:\Windows\cSysSecure\16.9.17.5\SysSecure.exe => No running process found
C:\WINDOWS\cSysSecure => moved successfully
"C:\WINDOWS\cSysSecure\16.9.17.5\SysUtil64.dll" => not found.
"C:\WINDOWS\cSysSecure\16.9.17.5\WinDivert.dll" => not found.
cSysSecure => service not found.
C:\WINDOWS\SysWOW64\DiscCleaner => moved successfully
HWiNFO32 => service removed successfully
C:\ProgramData\ProductData => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE431F3-6381-46CA-B367-986A645A6532}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE431F3-6381-46CA-B367-986A645A6532}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_SkipUac_mario" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 52854356 B
Java, Flash, Steam htmlcache => 33188636 B
Windows/system/drivers => 18880303 B
Edge => 0 B
Chrome => 7597415 B
Firefox => 91233966 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 27882 B
NetworkService => 0 B
mario => 0 B
mewtw_000 => 106386018 B
veronica => 0 B
alex => 1344091 B

RecycleBin => 7000315 B
EmptyTemp: => 303.8 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:31:34 ====



#34
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Can we get a clean Malwarebytes log now?

#35
Lucky Dearly

  • Topic Starter
  • Member
  • 349 posts

Here's the Malwarebytes log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/24/2016 Monday
Scan Time: 12:31 AM
Logfile: log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.24.01
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: mewtw_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 611282
Time Elapsed: 1 hr, 20 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Spigot, HKU\S-1-5-21-3857839104-3952859072-2417217460-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{44C99D24-BD18-450A-B8FA-944531ABD7C1}, Quarantined, [9968722b4e4c6dc967b51f9729dad030],

Registry Values: 1
PUP.Optional.Spigot, HKU\S-1-5-21-3857839104-3952859072-2417217460-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{44C99D24-BD18-450A-B8FA-944531ABD7C1}|URL, https://search.yahoo...&p={searchTerms}, Quarantined, [9968722b4e4c6dc967b51f9729dad030]

Registry Data: 1
PUP.Optional.Spigot, HKU\S-1-5-21-3857839104-3952859072-2417217460-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://search.yahoo...r=spigot-yhp-ie, Good: (www.google.com), Bad: (https://search.yahoo...aaa7602e222d12f]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#36
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Better,

Download zoek.exe to your Desktop: http://hijackthis.nl/smeenk/

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe.

On Windows Vista, 7, 8 and 10, right-click Zoek.exe and select: Run as Administrator.
Give it a few seconds to appear.
Copy/paste the entire script inside the codebox below into the input field of Zoek:

autoclean;
emptyalltemp;
emptyclsid;

Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.
When the tool finishes, the zoek-results.log is opened in Notepad. The log can also be found on the system drive, normally C:\
If a reboot is needed, the log will be opened after the reboot.

Reset your browsers too,
see here
http://www.howtogeek...fault-settings/

Back later today

#37
Lucky Dearly

  • Topic Starter
  • Member
  • 349 posts

Here's the Zoek log.

 

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by mewtw_000 on 10/24/2016 Mon at 13:11:43.47.
Microsoft Windows 10 Home 10.0.14393  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\mewtw_000\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/24/2016 Monday 1:16:21 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Anvisoft deleted successfully
C:\PROGRA~2\EaseUS deleted successfully
C:\PROGRA~2\M3 Software deleted successfully
C:\PROGRA~2\OSTotoSoft deleted successfully
C:\PROGRA~2\SystemsSupport deleted successfully
C:\PROGRA~2\TrimFoobar deleted successfully
C:\PROGRA~2\UltimateOutsider deleted successfully
C:\PROGRA~2\Veoh Networks deleted successfully
C:\PROGRA~2\Windows Network Accelerater deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\Program Files\Common Files\AV deleted successfully
C:\PROGRA~3\6af705200000e4d deleted successfully
C:\PROGRA~3\BlueStacksSetup deleted successfully
C:\PROGRA~3\boost_interprocess deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\micron deleted successfully
C:\PROGRA~3\Protexis64 deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} deleted successfully
C:\Users\alex\AppData\Local\ActiveSync deleted successfully
C:\Users\alex\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\alex\AppData\Local\EmieSiteList deleted successfully
C:\Users\alex\AppData\Local\EmieUserList deleted successfully
C:\Users\mario\AppData\Local\ActiveSync deleted successfully
C:\Users\mario\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\mario\AppData\Local\EmieSiteList deleted successfully
C:\Users\mario\AppData\Local\EmieUserList deleted successfully
C:\Users\mario\AppData\Local\PackageStaging deleted successfully
C:\Users\mario\AppData\Local\Skype deleted successfully
C:\Users\mewtw_000\AppData\Local\ActiveSync deleted successfully
C:\Users\mewtw_000\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\mewtw_000\AppData\Local\EmieSiteList deleted successfully
C:\Users\mewtw_000\AppData\Local\EmieUserList deleted successfully
C:\Users\mewtw_000\AppData\Local\higan deleted successfully
C:\Users\mewtw_000\AppData\Local\icarus deleted successfully
C:\Users\mewtw_000\AppData\Local\Opera Software deleted successfully
C:\Users\mewtw_000\AppData\Local\Skype deleted successfully
C:\Users\veronica\AppData\Local\ActiveSync deleted successfully
C:\Users\veronica\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\veronica\AppData\Local\EmieSiteList deleted successfully
C:\Users\veronica\AppData\Local\EmieUserList deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3857839104-3952859072-2417217460-1004\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} deleted successfully
HKEY_USERS\S-1-5-21-3857839104-3952859072-2417217460-1004\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully
HKEY_USERS\S-1-5-21-3857839104-3952859072-2417217460-1004\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C495F91B-7162-4340-8DB3-FA978C1C622F} deleted successfully
HKEY_USERS\S-1-5-21-3857839104-3952859072-2417217460-1004\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C495F91D-7162-4340-8DB3-FA978C1C622F} deleted successfully
HKEY_USERS\S-1-5-21-3857839104-3952859072-2417217460-1004\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C495F91E-7162-4340-8DB3-FA978C1C622F} deleted successfully
HKEY_USERS\S-1-5-21-3857839104-3952859072-2417217460-1004\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6B7F4D9-8D15-4a48-A722-B54C3D6FCE70} deleted successfully
HKEY_USERS\S-1-5-21-3857839104-3952859072-2417217460-1004\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F12966A9-C139-4431-8340-302465FB0837} deleted successfully
HKEY_USERS\S-1-5-21-3857839104-3952859072-2417217460-1004\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\ffcfcwci.default

---- FireFox user.js and prefs.js backups ----

user_Mon242016_0134_.backup
prefs_Mon242016_0134_.backup

ProfilePath: C:\Users\MEWTW_~1\AppData\Roaming\Mozilla\Firefox\Profiles\20dk29ex.default-1477132197143

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_Mon242016_0134_.backup

ProfilePath: C:\Users\veronica\AppData\Roaming\Mozilla\Firefox\Profiles\u7bj0txl.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_Mon242016_0134_.backup

ProfilePath: C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\ulfytbj2.default

prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Anvisoft not found
C:\PROGRA~2\EaseUS not found
C:\PROGRA~2\M3 Software not found
C:\PROGRA~2\OSTotoSoft not found
C:\PROGRA~2\SystemsSupport not found
C:\PROGRA~2\TrimFoobar not found
C:\PROGRA~2\UltimateOutsider not found
C:\PROGRA~2\Veoh Networks not found
C:\PROGRA~2\Windows Network Accelerater not found
C:\PROGRA~3\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} not found
C:\Users\mewtw_000\AppData\Local\Anvisoft deleted
C:\PROGRA~2\Bing Translate To English deleted
C:\PROGRA~2\Citable deleted
C:\PROGRA~2\HTTP Headers deleted
C:\PROGRA~2\Steam Trader Helper deleted
C:\Users\mewtw_000\AppData\Roaming\discord deleted
C:\Users\mewtw_000\AppData\Roaming\Yahoo Messenger deleted
C:\Users\mewtw_000\.android deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\alex\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67} deleted
C:\Users\mewtw_000\AppData\Local\Wondershare deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\windows\SysNative\rsrcs.dll deleted
C:\windows\SysNative\tasks\ASC9_PerformanceMonitor deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\WINDOWS\SysWOW64\AniGIF.ocx deleted
C:\Users\veronica\AppData\Roaming\Mozilla\Firefox\Profiles\u7bj0txl.default\extensions\staged deleted
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\ulfytbj2.default\extensions\staged deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\ffcfcwci.default
user_pref("browser.startup.homepage", "http://www.calvarych...signalhill.com/");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultenginename.US", "Google");

ProfilePath: C:\Users\MEWTW_~1\AppData\Roaming\Mozilla\Firefox\Profiles\20dk29ex.default-1477132197143
user_pref("browser.startup.homepage", "www.wwe.com/");
user_pref("browser.search.defaultenginename", "Google");

ProfilePath: C:\Users\veronica\AppData\Roaming\Mozilla\Firefox\Profiles\u7bj0txl.default
user_pref("browser.startup.homepage", "https://www.malwareb...&os=Windows+8.1");
user_pref("browser.startup.homepage", "https://www.malwareb...&os=Windows+8.1");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\ffcfcwci.default
- metacert - %ProfilePath%\extensions\{4A627709-9DBB-44B0-A02C-BE049AE901AA}.xpi
- Procon Latte Content Filter - %ProfilePath%\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi

ProfilePath: C:\Users\MEWTW_~1\AppData\Roaming\Mozilla\Firefox\Profiles\20dk29ex.default-1477132197143
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\ulfytbj2.default
- Start Page - %ProfilePath%\extensions\{3c59c791-aeec-44bb-af60-ff112eea18e3}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\mewtw_000\AppData\Roaming\Mozilla\Firefox\Profiles\20dk29ex.default-1477132197143
86C2467018027DFF6ED94F50D9CF1145 - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll - Shockwave for Director / Shockwave for Director
2E661988463BCFA1B95D4DAAB9B0B6FA - C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash
32534FFE70905DD87DDAAF7437897560 - C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_185.dll - Shockwave Flash
3EE8AE0ECFE5D79DE1737A855AD1E84C - C:\Users\mewtw_000\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll - Google Update
20FF20FBC1F20ADEC0AD6AF98ABE9545 - C:\Users\mewtw_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
57D28190C994AD5E9B1007FB2259393A - C:\Users\mewtw_000\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer

==== Deleted Firefox Extensions ======================

C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\ulfytbj2.default\extensions\{3c59c791-aeec-44bb-af60-ff112eea18e3} deleted

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\veronica\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[05/25/2016 Wed 10:31 AM]
peefembmkccmkodbcpgilfjgkligpbba - No path found[]

Chrome Media Router - alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Simple Profanity Filter - mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ackkocjhcalcpgpfjcoinogdejibgbho
Nanny for Google Chrome ™ - mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cljcgchbnolheggdgaeclffeagnnmhno
Skype - mewtw_000\AppData\Local\Chromium\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
MyStart - mewtw_000\AppData\Local\Chromium\User Data\Default\Extensions\peefembmkccmkodbcpgilfjgkligpbba
Chrome Media Router - mewtw_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Startpages ======================

C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://search.yahoo...83&fr=yo-yhp-ch",
"startup_urls": [ "https://search.yahoo...83&fr=yo-yhp-ch" ]

==== Chromium Fix ======================

C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage deleted successfully
C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.qadservice.com_0.localstorage deleted successfully
C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\mewtw_000\AppData\Local\Chromium\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\mewtw_000\AppData\Local\Chromium\User Data\Default\Extensions\peefembmkccmkodbcpgilfjgkligpbba deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.wwe.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.wwe.com/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.google.co...g}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.co...g}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{2f23ab71-4ac6-41f2-a955-ea576e553146}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...Box&FORM=IESR02
HKCU\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.google.co...1I7GGHP_enUS629

==== shortcuts on Users Desktops ======================

C:\Users\alex\Desktop\Back in the Day - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Back in the Day
C:\Users\alex\Desktop\Barbara Mason - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Barbara Mason
C:\Users\alex\Desktop\Celso - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Celso
C:\Users\alex\Desktop\Cinco De Mayo - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Cinco De Mayo
C:\Users\alex\Desktop\Cornelio - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Cornelio
C:\Users\alex\Desktop\Cruising - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Cruising
C:\Users\alex\Desktop\Firme Rolas - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Firme Rolas
C:\Users\alex\Desktop\funk - Shortcut.lnk - D:\Alexs' Desktop\Desktop\funk
C:\Users\alex\Desktop\gangster oldies - Shortcut.lnk - D:\Alexs' Desktop\Desktop\gangster oldies
C:\Users\alex\Desktop\Gangster soul girls - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Gangster soul girls
C:\Users\alex\Desktop\God bless the barrio - Shortcut.lnk - D:\Alexs' Desktop\Desktop\God bless the barrio
C:\Users\alex\Desktop\Hello Stranger - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Hello Stranger
C:\Users\alex\Desktop\Hermanas Padillas - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Hermanas Padillas
C:\Users\alex\Desktop\Jack's CD - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Jack's CD
C:\Users\alex\Desktop\Kiss and tell - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Kiss and tell
C:\Users\alex\Desktop\Latin Soul 2 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Latin Soul 2
C:\Users\alex\Desktop\Latin Soul 3 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Latin Soul 3
C:\Users\alex\Desktop\Linda Ronstadt - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Linda Ronstadt
C:\Users\alex\Desktop\Lost soul oldies vol.1 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost soul oldies vol.1
C:\Users\alex\Desktop\Lost soul oldies Vol.10 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost soul oldies Vol.10
C:\Users\alex\Desktop\Lost soul Oldies Vol.11 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost soul Oldies Vol.11
C:\Users\alex\Desktop\Lost soul Oldies Vol.12 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost soul Oldies Vol.12
C:\Users\alex\Desktop\Lost Soul Oldies Vol.13r - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost Soul Oldies Vol.13r
C:\Users\alex\Desktop\Lost Soul Oldies Vol.15 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost Soul Oldies Vol.15
C:\Users\alex\Desktop\Lost soul oldies vol.2 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost soul oldies vol.2
C:\Users\alex\Desktop\Lost Soul Oldies Vol.3 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost Soul Oldies Vol.3
C:\Users\alex\Desktop\Lost Soul Oldies vol.4 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost Soul Oldies vol.4
C:\Users\alex\Desktop\Lost soul oldies vol.5 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost soul oldies vol.5
C:\Users\alex\Desktop\Lost soul oldies vol.6 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost soul oldies vol.6
C:\Users\alex\Desktop\Lost soul oldies Vol.7 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost soul oldies Vol.7
C:\Users\alex\Desktop\Lost Soul Oldies Vol.9 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost Soul Oldies Vol.9
C:\Users\alex\Desktop\Lost Soul vol.8 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Lost Soul vol.8
C:\Users\alex\Desktop\LSG - Shortcut.lnk - D:\Alexs' Desktop\Desktop\LSG
C:\Users\alex\Desktop\mas music - Shortcut.lnk - D:\Alexs' Desktop\Desktop\mas music
C:\Users\alex\Desktop\Mex Mix 2 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Mex Mix 2
C:\Users\alex\Desktop\Mix CD - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Mix CD
C:\Users\alex\Desktop\music - Shortcut.lnk - D:\Alexs' Desktop\Desktop\music
C:\Users\alex\Desktop\Navidad - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Navidad
C:\Users\alex\Desktop\New Songs - Shortcut.lnk - D:\Alexs' Desktop\Desktop\New Songs
C:\Users\alex\Desktop\Phat Jams - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Phat Jams
C:\Users\alex\Desktop\Queens - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Queens
C:\Users\alex\Desktop\Queens of soul - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Queens of soul
C:\Users\alex\Desktop\Sly,Slick & Wicked - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Sly,Slick & Wicked
C:\Users\alex\Desktop\The Dramatics - Shortcut.lnk - D:\Alexs' Desktop\Desktop\The Dramatics
C:\Users\alex\Desktop\the jams - Shortcut.lnk - D:\Alexs' Desktop\Desktop\the jams
C:\Users\alex\Desktop\throwback oldies v1 d1-2 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\throwback oldies v1 d1-2
C:\Users\alex\Desktop\throwback oldies vol.3 d1-3 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\throwback oldies vol.3 d1-3
C:\Users\alex\Desktop\throwback oldies vol.5 d1-2 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\throwback oldies vol.5 d1-2
C:\Users\alex\Desktop\throwback oldies vol2 d1-2 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\throwback oldies vol2 d1-2
C:\Users\alex\Desktop\throwback oldies vol4 d1-2 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\throwback oldies vol4 d1-2
C:\Users\alex\Desktop\underground - Shortcut.lnk - D:\Alexs' Desktop\Desktop\underground
C:\Users\alex\Desktop\veteranas - Shortcut.lnk - D:\Alexs' Desktop\Desktop\veteranas
C:\Users\alex\Desktop\Veterano Layback - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Veterano Layback
C:\Users\alex\Desktop\Veterano Love 9 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Veterano Love 9
C:\Users\alex\Desktop\Veterano Motown - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Veterano Motown
C:\Users\alex\Desktop\Veterano Soul 10 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Veterano Soul 10
C:\Users\alex\Desktop\Veterano Story 2 - Shortcut.lnk - D:\Alexs' Desktop\Desktop\Veterano Story 2
C:\Users\alex\Desktop\Zelda Classic 1.92 beta 183.lnk - C:\ZC192B183\zelda-w.exe -windowed
C:\Users\mario\Desktop\Amazon Music.lnk - C:\Users\mewtw_000\AppData\Local\Amazon Music\Amazon Music.exe
C:\Users\mario\Desktop\Zelda Classic 1.92 beta 183.lnk - C:\ZC192B183\zelda-w.exe -windowed
C:\Users\mewtw_000\Desktop\Amazon Music.lnk - C:\Users\mewtw_000\AppData\Local\Amazon Music\Amazon Music.exe
C:\Users\mewtw_000\Desktop\Bionic Commando Rearmed.lnk - C:\Program Files (x86)\R.G. Mechanics\Bionic Commando Rearmed\Launcher.exe
C:\Users\mewtw_000\Desktop\Black_Chocobo.exe - Shortcut.lnk - C:\Program Files (x86)\Black_Chocobo\Black_Chocobo.exe
C:\Users\mewtw_000\Desktop\Cheat Engine.exe - Shortcut.lnk - C:\Program Files (x86)\Cheat Engine 6.4\Cheat Engine.exe
C:\Users\mewtw_000\Desktop\Dead Rising 3.lnk - D:\Games\Dead Rising 3\deadrising3.exe
C:\Users\mewtw_000\Desktop\DOOM 3 BFG Edition.lnk - C:\Program Files (x86)\R.G. Mechanics\DOOM 3 BFG Edition\Doom3BFG.exe
C:\Users\mewtw_000\Desktop\Fallout Mod Manager.lnk - C:\Program Files (x86)\GeMM\fomm.exe
C:\Users\mewtw_000\Desktop\FINAL FANTASY IX.lnk - C:\Program Files (x86)\FINAL FANTASY IX\FF9_Launcher.exe
C:\Users\mewtw_000\Desktop\firefox.exe - Shortcut.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\mewtw_000\Desktop\Game Companion.lnk - C:\Users\mewtw_000\AppData\Roaming\GameCompanion\GameCompanion.exe
C:\Users\mewtw_000\Desktop\JDownloader 2.lnk - C:\Users\mewtw_000\AppData\Local\JDownloader 2.0\JDownloader2.exe
C:\Users\mewtw_000\Desktop\join.me.lnk - C:\Users\mewtw_000\AppData\Local\join.me\join.me.exe
C:\Users\mewtw_000\Desktop\Mighty No 9.lnk - D:\Games\Mighty No 9\Binaries\Win32\MN9Game.exe -nohomedir -seekfreeloadingpcconsole
C:\Users\mewtw_000\Desktop\pec.exe - Shortcut (2).lnk - C:\psx emulation cheater\pec.exe
C:\Users\mewtw_000\Desktop\Photoshop.exe - Shortcut.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe
C:\Users\mewtw_000\Desktop\PowerSaves3DS.exe - Shortcut.lnk - C:\Program Files (x86)\Action Replay PowerSaves 3DS\PowerSaves3DS.exe
C:\Users\mewtw_000\Desktop\Project64.exe - Shortcut.lnk - C:\Program Files (x86)\Project64 2.1\Project64.exe
C:\Users\mewtw_000\Desktop\sai.exe - Shortcut.lnk - C:\Users\mewtw_000\Desktop\Sai 1.1.0 2nd\sai.exe
C:\Users\mewtw_000\Desktop\Star Wars The Force Unleashed 2.lnk - C:\Program Files (x86)\LucasArts\Star Wars The Force Unleashed 2\launcher.exe
C:\Users\mewtw_000\Desktop\Star Wars The Force Unleashed.lnk - C:\Program Files (x86)\Aspyr\Star Wars The Force Unleashed\SWTFU Launcher.exe
C:\Users\mewtw_000\Desktop\Steam.exe - Shortcut.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\mewtw_000\Desktop\Tweaking.com - Windows Repair.lnk - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe
C:\Users\mewtw_000\Desktop\WBFS Manager 3.0.lnk - C:\Program Files (x86)\WBFS\WBFS Manager 3.0\WBFSManager.exe
C:\Users\mewtw_000\Desktop\XFast LAN.lnk - C:\Program Files (x86)\ASRock\XFast LAN\cfosspeed.exe
C:\Users\mewtw_000\Desktop\Zelda Classic 1.92 beta 183.lnk - C:\ZC192B183\zelda-w.exe
C:\Users\mewtw_000\Desktop\Emulators\MKFMasterv053\MKFMasterv053.exe - Shortcut.lnk - E:\Emulators\MKFMasterv053\MKFMasterv053.exe
C:\Users\mewtw_000\Desktop\Emulators\Nijikaku\ô°èiìXÉVâAâbâvâfü[âgâcü[âï.lnk - 
C:\Users\mewtw_000\Desktop\Emulators\OverworldEditorRE\Most recently used ROM.gba.lnk - C:\Users\mewtw_000\Desktop\Emulators\VisualBoyAdvanceCE10\Pokemon - Emerald (all pokemons).gba
C:\Users\mewtw_000\Desktop\gzdoom-bin-1-4-08\gzdoom.exe - Shortcut.lnk - C:\Users\mewtw_000\Desktop\gzdoom-bin-1-4-08\gzdoom.exe -file
C:\Users\mewtw_000\Desktop\mugen\sound\Music - Shortcut.lnk - C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
C:\Users\veronica\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --disable-quic
C:\Users\veronica\Desktop\Zelda Classic 1.92 beta 183.lnk - C:\ZC192B183\zelda-w.exe -windowed

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Advanced SystemCare 9.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /manual
C:\Users\Public\Desktop\AIM.lnk - C:\Program Files (x86)\AIM\aim.exe
C:\Users\Public\Desktop\Amazon Music Importer.lnk - C:\Program Files (x86)\Amazon\Utilities\Amazon Music Importer\Amazon Music Importer.exe
C:\Users\Public\Desktop\Angry Video Game Nerd II ASSimilation.lnk - C:\Program Files (x86)\Angry Video Game Nerd II ASSimilation\AVGN2.exe
C:\Users\Public\Desktop\ASRock eXtreme Tuner.lnk - C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
C:\Users\Public\Desktop\ASRock RapidStart.lnk - C:\Program Files (x86)\ASRock Utility\RapidStart\AsrRapidStart.exe
C:\Users\Public\Desktop\ASRock Restart to UEFI.lnk - C:\Program Files (x86)\ASRock Utility\ASRockRuefi\Bin\AsrRuefi.exe
C:\Users\Public\Desktop\ASRock SmartConnect.lnk - C:\Program Files (x86)\ASRock Utility\SmartConnect\AsrSmartConnect.exe
C:\Users\Public\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe
C:\Users\Public\Desktop\Bethesda.net Launcher.lnk - C:\Program Files (x86)\Bethesda.net Launcher\BethesdaNetUpdater.exe
C:\Users\Public\Desktop\CloneCD.lnk - C:\Program Files (x86)\SlySoft\CloneCD\CloneCD.exe
C:\Users\Public\Desktop\CloneDVD2.lnk - C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\CloneDVD2.exe
C:\Users\Public\Desktop\DAEMON Tools Pro.lnk - C:\Program Files (x86)\DAEMON Tools Pro\DTPro.exe
C:\Users\Public\Desktop\Dolphin.lnk - C:\Program Files\Dolphin\Dolphin.exe
C:\Users\Public\Desktop\Driver Booster 3.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Users\Public\Desktop\FINAL FANTASY V.lnk - C:\Program Files (x86)\FINAL FANTASY V\FFV_Launcher.exe
C:\Users\Public\Desktop\Firestorm-Releasex64.lnk - C:\Program Files (x86)\Firestorm-Releasex64\Firestorm-bin.exe
C:\Users\Public\Desktop\Freedom Planet.lnk - C:\GOG Games\Freedom Planet\FP.exe
C:\Users\Public\Desktop\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
C:\Users\Public\Desktop\G??gl? ?hr?m?.lnk - 
C:\Users\Public\Desktop\Hard Time 2D.lnk - C:\Program Files (x86)\MDickie\Hard Time 2D\Hard Time 2D.exe
C:\Users\Public\Desktop\HxD.lnk - C:\Program Files (x86)\HxD\HxD.exe
C:\Users\Public\Desktop\IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Users\Public\Desktop\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Public\Desktop\LOOT.lnk - C:\Program Files (x86)\LOOT\LOOT.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\ManyCam.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe
C:\Users\Public\Desktop\mIRC.lnk - C:\Program Files (x86)\mIRC\mirc.exe
C:\Users\Public\Desktop\MKX Downloads.lnk - C:\Program Files (x86)\MKX Mod Manager\www\downloads
C:\Users\Public\Desktop\MKX Mod Manager.lnk - C:\Program Files (x86)\MKX Mod Manager\phpdesktop-chrome.exe
C:\Users\Public\Desktop\MKX Mods.lnk - C:\Program Files (x86)\MKX Mod Manager\www\mods
C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
C:\Users\Public\Desktop\Nexus Mod Manager.lnk - C:\Program Files\Nexus Mod Manager\NexusClient.exe
C:\Users\Public\Desktop\ooVoo.lnk - C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Users\Public\Desktop\PCSX2 1.4.0.lnk - C:\Program Files (x86)\PCSX2 1.4.0\pcsx2.exe
C:\Users\Public\Desktop\PlayMemories Home Help.lnk - C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
C:\Users\Public\Desktop\PlayMemories Home.lnk - C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
C:\Users\Public\Desktop\PrintProjects.lnk - C:\Program Files (x86)\PrintProjects\PhotoProduct.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\Razer Cortex.lnk - C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe
C:\Users\Public\Desktop\RogueKiller.lnk - C:\Program Files (x86)\RogueKiller\RogueKiller64.exe
C:\Users\Public\Desktop\RPG Maker VX Ace.lnk - C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe
C:\Users\Public\Desktop\Second Life Viewer.lnk - C:\Program Files (x86)\SecondLifeViewer\SecondLifeViewer.exe --set InstallLanguage en
C:\Users\Public\Desktop\ShowBiz DVD 2.lnk - C:\Program Files (x86)\ArcSoft\ShowBiz DVD 2\Wizard.exe
C:\Users\Public\Desktop\Singularity (64 bit) Viewer.lnk - C:\Program Files (x86)\Singularity\SingularityViewer.exe
C:\Users\Public\Desktop\Skype.lnk - C:\WINDOWS\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
C:\Users\Public\Desktop\Smart Defrag 5.lnk - C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\TeamViewer 11.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\WinImage (administrator).lnk - C:\Program Files (x86)\WinImage\winimage.exe
C:\Users\Public\Desktop\WinImage.lnk - C:\Program Files (x86)\WinImage\winimage.exe
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Public\Desktop\Wondershare Data Recovery.lnk - C:\Program Files (x86)\Wondershare\Data Recovery\WSDataRecovery.exe
C:\Users\Public\Desktop\Yahoo Messenger.lnk - 

==== shortcuts in Users Start Menu ======================

C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\mewtw_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\mewtw_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk - C:\Users\mewtw_000\AppData\Local\join.me\join.me.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\mewtw_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Defrag.lnk - C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DailyBee\DailyBee.lnk - C:\Users\mewtw_000\AppData\Roaming\DailyBee\DailyBee.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DailyBee\Uninstall.lnk - C:\Users\mewtw_000\AppData\Roaming\DailyBee\Uninstall.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DXGL\Configure DXGL.lnk - C:\Program Files (x86)\DXGL\dxglcfg.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DXGL\DXGL Help.lnk - C:\Program Files (x86)\DXGL\dxgl.chm
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DXGL\DXGL Test.lnk - C:\Program Files (x86)\DXGL\dxgltest.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DXGL\Third-party Credits.lnk - C:\Program Files (x86)\DXGL\ThirdParty.txt
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DXGL\Uninstall.lnk - C:\Program Files (x86)\DXGL\uninst.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DXGL\Website.lnk - C:\Program Files (x86)\DXGL\DXGL.url

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --disable-quic
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk - C:\Program Files (x86)\LOOT\LOOT.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS\Action Replay PowerSaves 3DS.lnk - C:\Program Files (x86)\Action Replay PowerSaves 3DS\PowerSaves3DS.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Advanced SystemCare 9.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /manual
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Protect.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /Protect
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Speed Up.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /turboboost
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Toolbox.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /toolbox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Uninstall Advanced SystemCare.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Rising 3\Dead Rising 3.lnk - D:\Games\Dead Rising 3\deadrising3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Rising 3\Uninstall.lnk - D:\Games\Dead Rising 3\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin\Dolphin.lnk - C:\Program Files\Dolphin\Dolphin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin\Uninstall Dolphin.lnk - C:\Program Files (x86)\Dolphin\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin x86\Dolphin x86.lnk - C:\Program Files (x86)\Dolphin x86\Dolphin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin x86\Uninstall Dolphin x86.lnk - C:\Program Files (x86)\Dolphin x86\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3\Driver Booster 3.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3\Uninstall Driver Booster 3.lnk - C:\Program Files (x86)\IObit\Driver Booster\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FINAL FANTASY IX\Uninstall FINAL FANTASY IX.lnk - C:\Program Files (x86)\FINAL FANTASY IX\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm\Firestorm-Releasex64.lnk - C:\Program Files (x86)\Firestorm-Releasex64\Firestorm-bin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.7.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe /uninstall
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendar.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe calendar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contacts.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe contacts
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Find My iPhone.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe find
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Photos.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Keynote.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe keynote
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe mail
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notes.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe notes
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Numbers.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe numbers
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Pages.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe pages
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Reminders.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe reminders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\Uninstall IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\Uninstall.lnk - C:\WINDOWS\SysWOW64\msiexec.exe /i {350C555E-83A3-488D-AE14-67F6EB55FC06} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\ManyCam.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\Reset settings.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe --remove-settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\Uninstall ManyCam.lnk - C:\Program Files (x86)\ManyCam\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk - C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mighty No 9\Mighty No 9.lnk - D:\Games\Mighty No 9\Binaries\Win32\MN9Game.exe -nohomedir -seekfreeloadingpcconsole
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mighty No 9\Uninstall Mighty No 9.lnk - D:\Games\Mighty No 9\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Nexus Mod Manager (Trace Mode).lnk - C:\Program Files\Nexus Mod Manager\NexusClient.exe -trace
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Nexus Mod Manager.lnk - C:\Program Files\Nexus Mod Manager\NexusClient.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Uninstall Nexus Mod Manager.lnk - C:\Program Files\Nexus Mod Manager\uninstall\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Razer Cortex\Razer Cortex.lnk - C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer\Second Life Viewer.lnk - C:\Program Files (x86)\SecondLifeViewer\SecondLifeViewer.exe --set InstallLanguage en
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer\Uninstall Second Life Viewer.lnk - C:\Program Files (x86)\SecondLifeViewer\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag\Smart Defrag 5.lnk - C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag\Uninstall Smart Defrag.lnk - C:\Program Files (x86)\IObit\Smart Defrag\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Uninstall Tweaking.com - Windows Repair.lnk - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml"

==== shortcuts in Quick Launch ======================

C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AIM.lnk - C:\Program Files (x86)\AIM\aim.exe /d locale=en-US
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --disable-quic
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo Messenger.lnk - 
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9b375ab54cba834\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=Default --disable-quic
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (2).lnk - 
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - 
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --disable-quic
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer 11 (2).lnk - C:\Program Files (x86)\Internet Explorer 11\iexplorer.exe
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer 11.lnk - C:\Program Files (x86)\Internet Explorer 11\iexplorer.exe
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iTunes (2).lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk - C:\Windows\explorer.exe
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Store.lnk - C:\Windows\explorer.exe shell:AppsFolder\Microsoft.WindowsStore_8wekyb3d8bbweApp
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YTD Video Downloader (2).lnk - C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AIM.lnk - C:\Program Files (x86)\AIM\aim.exe /d locale=en-US
C:\Users\mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --disable-quic
C:\Users\mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo Messenger.lnk - 
C:\Users\mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PrintProjects.lnk - C:\Program Files (x86)\PrintProjects\PhotoProduct.exe
C:\Users\mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster 2.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Users\mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - 
C:\Users\mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --disable-quic
C:\Users\mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AIM.lnk - C:\Program Files (x86)\AIM\aim.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Fallout Mod Manager.lnk - C:\Program Files (x86)\GeMM\fomm.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --disable-quic
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\HxD.lnk - C:\Program Files (x86)\HxD\HxD.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk - 
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk - C:\Program Files (x86)\JDownloader\JDownloaderPortable.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nexus Mod Manager.lnk - C:\Program Files\Nexus Mod Manager\NexusClient.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Oblivion Mod Manager.lnk - C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionModManager.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wondershare Data Recovery.lnk - C:\Program Files (x86)\Wondershare\Data Recovery\WSDataRecovery.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo Messenger.lnk - 
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70f62c6a7f1739bd\pinned.lnk - C:\WINDOWS\system32\rundll32.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 9.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster 2.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster 3.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (2).lnk - 
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - 
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --disable-quic
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (3).lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\NVIDIA Inspector (2).lnk - C:\Users\mewtw_000\Desktop\nvidiaInspector\nvidiaInspector.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\NVIDIA Inspector.lnk - C:\Users\mewtw_000\Desktop\nvidiaInspector\nvidiaInspector.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam (2).lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\veronica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AIM.lnk - C:\Program Files (x86)\AIM\aim.exe /d locale=en-US
C:\Users\veronica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --disable-quic
C:\Users\veronica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\veronica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\veronica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo Messenger.lnk - 
C:\Users\veronica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - 
C:\Users\veronica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --disable-quic

==== shortcuts After Repair ======================

C:\Users\veronica\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\mewtw_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\veronica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\veronica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\peefembmkccmkodbcpgilfjgkligpbba deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E9AD2F38-EF9C-B9DA-048A-A92FBC17701E} deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\alex\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\alex\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\mario\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\mewtw_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\mewtw_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\alex\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\mario\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\mewtw_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\mewtw_000\AppData\Local\Microsoft\Windows\INetCache\IE\BXNT56Z5 will be deleted at reboot
C:\Users\mewtw_000\AppData\Local\Microsoft\Windows\INetCache\IE\JKUE5NOX will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\mario\AppData\Local\Mozilla\Firefox\Profiles\ffcfcwci.default\cache2 emptied successfully
C:\Users\mewtw_000\AppData\Local\Mozilla\Firefox\Profiles\20dk29ex.default-1477132197143\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\mewtw_000\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\mewtw_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1361 folders=340 667370040 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\MEWTW_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\mewtw_000\AppData\Local\Microsoft\Windows\INetCache\IE\BXNT56Z5" not found
"C:\Users\mewtw_000\AppData\Local\Microsoft\Windows\INetCache\IE\JKUE5NOX" not found

==== EOF on 10/24/2016 Mon at 14:14:03.01 ======================

 

all browsers were refreshed as well.


  • 0

#38
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan). Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

  • 0

#39
Lucky Dearly

    Member

  • Topic Starter
  • Member
  • 349 posts

okay here's the log file

Attached Files


  • 0

#40
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts

Hello,

I want you to run adwCleaner once more, remember right click all my tools and run as administrator.
  • 0


#41
Lucky Dearly

    Member

  • Topic Starter
  • Member
  • 349 posts

here's the log file from adwcleaner

 

 

# AdwCleaner v6.030 - Logfile created 26/10/2016 at 12:36:24
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-25.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : mewtw_000 - GAMERPC2
# Running from : C:\Users\mewtw_000\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

[-] Folder deleted: C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DailyBee
[!] Folder not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder deleted: C:\Program Files (x86)\GreenTree Applications

***** [ Files ] *****

[!] File not deleted: C:\Users\Public\Desktop\YTD Video Downloader.lnk

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SYSSECURE
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SYSSECURE
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CpuHeatMapping
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CpuHeatMapping
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CpuEssentials
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CpuEssentials
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key deleted: HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\Software\GreenTree Applications
[-] Key deleted: HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\Software\wondershare
[#] Key deleted on reboot: HKCU\Software\GreenTree Applications
[#] Key deleted on reboot: HKCU\Software\wondershare
[-] Key deleted: HKLM\SOFTWARE\wondershare
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[#] Key deleted on reboot: [x64] HKCU\Software\GreenTree Applications
[#] Key deleted on reboot: [x64] HKCU\Software\wondershare
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\coupontime.co
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.coupontime00.coupontime.co
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.reimageplus.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\coupontime.co
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.coupontime00.coupontime.co
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.reimageplus.com

***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.startup.homepage" -  "hxxps://search.yahoo.com/?type=715483&fr=spigot-yhp-ff hxxps://www.malwarebytes.org/restorebrowser/yhp-ff hxxp://www.gamefaqs.com/"
[-] [C:\Users\mewtw_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\mewtw_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\mewtw_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www-searching.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [22361 Bytes] - [12/04/2016 02:21:58]
C:\AdwCleaner\AdwCleaner[C2].txt - [8901 Bytes] - [01/08/2016 20:22:59]
C:\AdwCleaner\AdwCleaner[C3].txt - [11663 Bytes] - [13/10/2016 16:38:37]
C:\AdwCleaner\AdwCleaner[C4].txt - [8874 Bytes] - [20/10/2016 19:24:06]
C:\AdwCleaner\AdwCleaner[C5].txt - [4708 Bytes] - [22/10/2016 03:15:33]
C:\AdwCleaner\AdwCleaner[C6].txt - [4601 Bytes] - [26/10/2016 12:36:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [22953 Bytes] - [12/04/2016 02:15:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [9405 Bytes] - [01/08/2016 20:18:11]
C:\AdwCleaner\AdwCleaner[S3].txt - [10800 Bytes] - [13/10/2016 16:36:38]
C:\AdwCleaner\AdwCleaner[S4].txt - [8428 Bytes] - [20/10/2016 19:11:29]
C:\AdwCleaner\AdwCleaner[S5].txt - [4547 Bytes] - [22/10/2016 02:53:12]
C:\AdwCleaner\AdwCleaner[S6].txt - [4919 Bytes] - [26/10/2016 12:26:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [5114 Bytes] ##########


  • 0

#42
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts

Sorry for the delay.

How is the computer?
  • 0

#43
Lucky Dearly

    Member

  • Topic Starter
  • Member
  • 349 posts

Running a lot better. No longer getting ad popups and link redirects. Things are looking good.


  • 0

#44
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts

You have been collecting a bit more adware as we go, you or other users must limit your downloads or be careful what you download. I'll provide tips on that when I close the topic.

If there are no further issues please remove the tools we used.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight. They are updated all the time and some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#45
Lucky Dearly

    Member

  • Topic Starter
  • Member
  • 349 posts

here's the report

 

# DelFix v1.013 - Logfile created 29/10/2016 at 13:21:44
# Updated 17/04/2016 by Xplode
# Username : mewtw_000 - GAMERPC2
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\zoek-results.log
Deleted : C:\Users\mewtw_000\Desktop\adwcleaner_6.030.exe
Deleted : C:\Users\mewtw_000\Desktop\FRST64.exe
Deleted : C:\Users\mewtw_000\Desktop\JRT.exe
Deleted : C:\Users\mewtw_000\Desktop\OTL.exe
Deleted : C:\Users\mewtw_000\Desktop\rkill.com
Deleted : C:\Users\mewtw_000\Desktop\zoek.exe
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : HKLM\SOFTWARE\OldTimer Tools

~ Cleaning system restore ...

Deleted : RP #19 [Windows Update | 10/28/2016 20:20:21]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0





