PDA

View Full Version : Slow Computer



Charval
2016-12-27, 12:53
Hi,

Merry Christmas to everyone.

I am helping out my dad, whose comupter is very slow. It is an old machine so we know that doesn't help. Pages take ages to open, often crashing in process. AVG & Windows Defender scans show nothing sinister going on. Has had a new motherboard, which we think may have contributed to problem as it's never been right since this was installed - but person who put it in, said nothing wrong.

Here's logs:

FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2016
Ran by valerie (administrator) on REPLACEMENTPC (27-12-2016 10:25:08)
Running from C:\Users\valerie\Desktop
Loaded Profiles: valerie (Available Profiles: valerie)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files\ScanGuard\SecurityService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4435968 2007-04-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1822720 2007-04-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [EPSON SX210 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE [199680 2008-11-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\MountPoints2: E - E:\Bin\ASSETUP.exe
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\MountPoints2: {474edf55-1b46-11dc-8149-806e6f6e6963} - E:\inst_32\autorun.exe
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{045EA7A2-4987-46C6-BCDA-675480FF3BD8}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {D3B96B60-60D2-4750-A2F3-89C0CDB26A9E} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {F8EBD1FA-411D-4840-848F-74F59FE14D41} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^GB&gct=&itbv=12.24.1.51&apn_uid=FB598443-4F0C-4C01-8747-34C81DFE66D9&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^GB&apn_dbr=ie_9.0.8112.16636&doi=2015-04-15&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-28] (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-09-28] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-28] (Google Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

FireFox:
========
FF ProfilePath: C:\Users\valerie\AppData\Roaming\Mozilla\Firefox\Profiles\3lu1vb8p.default-1475517116985 [2016-12-27]
FF Homepage: Mozilla\Firefox\Profiles\3lu1vb8p.default-1475517116985 -> hxxp://home.bt.com/
FF Extension: (Search and New Tab by Yahoo) - C:\Users\valerie\AppData\Roaming\Mozilla\Firefox\Profiles\3lu1vb8p.default-1475517116985\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-11-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-23] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2009-09-02] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/npracplug;version=1.0.0.0 -> C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll [2005-04-27] (RealNetworks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1343853513-471013651-1662923988-1000: @yahoo.com/BrowserPlus,version=2.9.2 -> C:\Users\valerie\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll [2010-06-10] (Yahoo! Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://uk.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default [2016-12-26]
CHR Extension: (Google Slides) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-17]
CHR Extension: (Google Docs) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-17]
CHR Extension: (Google Drive) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-28]
CHR Extension: (Google Search) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Yahoo Partner) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabhkdeopjkcpkmofliimbjckmocfiom [2016-10-28]
CHR Extension: (Google Sheets) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (GamingWonderland) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi [2016-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Yahoo Partner) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2016-12-10]
CHR Extension: (Gmail) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]
CHR Extension: (TestForSpeed) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn [2016-10-03]
CHR Extension: (Arcade Freak) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmlcfgoffhofioajgeickbojhajoafb [2016-08-19]
CHR HKLM\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 gupdate1c95fd8b90ceb00; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SecurityService; C:\Program Files\ScanGuard\SecurityService.exe [20592 2016-12-07] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [8320 2007-03-08] (GARMIN Corp.) [File not signed]
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-08-24] (Logitech, Inc.)
S3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2007-01-09] (Chic)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R1 MpKslf312fec8; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4844FF4F-DBFD-4AB2-B5D9-D7E0728E4916}\MpKslf312fec8.sys [39168 2016-12-26] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 NETIMFLT; C:\Windows\System32\DRIVERS\netimflt.sys [142128 2007-04-24] (Panda Software)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-03-29] (Sonic Solutions) [File not signed]
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [14368 1999-10-11] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [304128 2016-05-14] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [146432 2016-05-14] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [103936 2016-05-14] (Microsoft Corporation) [File not signed]
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1149552 2010-10-01] (VIA Technologies, Inc.)
S4 blbdrive; no ImagePath
S3 IpInIp; no ImagePath
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 NwlnkFlt; no ImagePath
S3 NwlnkFwd; no ImagePath
S3 PavSRK.sys; no ImagePath
S3 PavTPK.sys; no ImagePath
S1 WNMFLT; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-27 10:25 - 2016-12-27 10:27 - 00018391 _____ C:\Users\valerie\Desktop\FRST.txt
2016-12-27 10:23 - 2016-12-27 10:25 - 00000000 ____D C:\FRST
2016-12-27 10:22 - 2016-12-27 10:22 - 00000815 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-27 10:22 - 2016-12-27 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-27 10:19 - 2016-12-27 10:20 - 08803648 _____ (Piriform Ltd) C:\Users\valerie\Downloads\ccsetup525.exe
2016-12-27 10:14 - 2016-12-27 10:14 - 01762816 _____ (Farbar) C:\Users\valerie\Desktop\FRST.exe
2016-12-26 11:00 - 2016-12-26 11:02 - 00000000 ____D C:\Users\valerie\Documents\UniversalExtractor_111687
2016-12-14 14:39 - 2016-12-14 14:39 - 00001837 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-12-14 14:30 - 2016-12-14 14:32 - 12231000 _____ (Microsoft Corporation) C:\Users\valerie\Downloads\mseinstall (1).exe
2016-12-14 14:16 - 2016-12-14 14:16 - 00313366 _____ C:\Users\valerie\Downloads\WindowsUpdateDiagnostic.diagcab
2016-12-14 13:14 - 2016-12-14 13:14 - 02726828 _____ C:\Users\valerie\Downloads\Windows6.0-KB931099-x86 (1).msu
2016-12-14 13:08 - 2016-12-14 13:08 - 00000000 ____D C:\68d6c8518f46a70d8e
2016-12-14 13:06 - 2016-12-14 13:07 - 02726828 _____ C:\Users\valerie\Downloads\Windows6.0-KB931099-x86.msu
2016-12-14 12:59 - 2016-12-14 13:00 - 107333706 _____ C:\Users\valerie\Downloads\Unconfirmed 737008.crdownload
2016-12-14 11:58 - 2016-12-14 11:58 - 00000000 ____D C:\quardata
2016-12-14 11:44 - 2016-12-14 12:11 - 00000000 ____D C:\Program Files\ScanGuard
2016-12-14 11:43 - 2016-12-14 11:43 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-14 11:41 - 2016-12-14 11:41 - 09816616 _____ C:\Users\valerie\Downloads\ScanGuard(2).exe
2016-12-14 11:40 - 2016-12-14 11:40 - 09816616 _____ C:\Users\valerie\Downloads\ScanGuard(1).exe
2016-12-14 11:38 - 2016-12-14 11:38 - 09816616 _____ C:\Users\valerie\Downloads\ScanGuard.exe
2016-12-13 09:42 - 2016-12-13 09:42 - 00000000 ____D C:\Users\valerie\AppData\Local\{F3CC7D77-101F-484A-95A8-4310B930AF03}
2016-12-13 09:37 - 2016-12-13 10:22 - 00000000 ____D C:\Users\valerie\Downloads\Evergreens
2016-12-01 15:08 - 2016-12-01 15:08 - 00000000 ____D C:\Users\valerie\AppData\Local\ElevatedDiagnostics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-27 10:22 - 2010-04-06 08:05 - 00000000 ____D C:\Program Files\CCleaner
2016-12-27 09:59 - 2007-06-18 19:23 - 00000000 ___HD C:\Windows\inf
2016-12-27 09:54 - 2016-11-19 14:44 - 00000000 ____D C:\Users\valerie\AppData\LocalLow\Mozilla
2016-12-27 09:50 - 2015-10-06 22:37 - 00000000 ____D C:\Users\valerie\AppData\Roaming\Skype
2016-12-27 09:46 - 2016-05-09 17:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-27 09:34 - 2006-11-02 12:47 - 00005984 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-27 09:34 - 2006-11-02 12:47 - 00005984 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-26 17:50 - 2014-12-09 17:50 - 00000244 _____ C:\Windows\Tasks\Epson Printer Software Downloader.job
2016-12-26 15:13 - 2007-09-04 12:26 - 00000000 ____D C:\ProgramData\TEMP
2016-12-26 11:34 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-26 11:33 - 2006-11-02 13:01 - 00032532 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-26 09:10 - 2007-08-24 09:29 - 00060928 _____ C:\Users\valerie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-26 08:48 - 2011-01-20 18:22 - 00000000 ____D C:\Users\valerie\Documents\Excel
2016-12-25 15:46 - 2014-05-20 00:10 - 00000000 ____D C:\Users\valerie\Documents\Lyrics and all
2016-12-25 12:48 - 2011-03-24 10:04 - 00000000 ____D C:\Users\valerie\Documents\Sutton on Sea Railway Houses
2016-12-23 20:45 - 2006-11-02 10:33 - 00765776 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-21 19:38 - 2016-10-30 12:55 - 00000000 ____D C:\Users\valerie\Documents\Mobile Phones
2016-12-21 11:31 - 2016-02-11 15:21 - 00002627 _____ C:\Users\valerie\Desktop\Microsoft Office Word 2007 (2).lnk
2016-12-16 08:09 - 2016-11-19 12:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-16 00:05 - 2008-08-19 23:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-12-16 00:02 - 2010-06-04 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-12-14 15:33 - 2015-10-16 10:55 - 00000000 ____D C:\Users\valerie\Documents\Charlies misc paperwork 5th 30 KB
2016-12-14 14:40 - 2011-01-28 01:19 - 00002154 _____ C:\Windows\epplauncher.mif
2016-12-14 14:38 - 2011-01-28 01:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-12-13 20:46 - 2016-05-09 17:14 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-12-13 20:46 - 2016-05-09 17:14 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-12-13 20:46 - 2007-09-06 12:29 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 17:25 - 2009-10-24 11:13 - 00000000 ____D C:\Users\valerie\Documents\Recipes
2016-12-13 13:38 - 2016-08-03 16:53 - 00000000 ____D C:\Users\valerie\Documents\Evergreen miniature Rly
2016-12-13 09:46 - 2010-10-23 22:40 - 00000000 ____D C:\Users\valerie\Documents\King Arthur stuff 1st 227 MB
2016-12-13 09:44 - 2012-12-10 14:13 - 00000000 ____D C:\Users\valerie\Downloads\G&CMES
2016-12-10 23:36 - 2016-07-10 12:46 - 00000000 ____D C:\Users\valerie\Downloads\Blower
2016-12-10 23:32 - 2016-01-07 00:41 - 00000000 ____D C:\Users\valerie\Desktop\BLOWER 2016
2016-12-05 21:07 - 2010-12-22 12:13 - 00000000 ____D C:\Users\valerie\Documents\Lables
2016-12-05 21:07 - 2010-09-12 09:03 - 00000000 ____D C:\Users\valerie\Documents\St Barnabas shop
2016-12-05 09:09 - 2014-08-14 07:58 - 00000000 ____D C:\Users\valerie\Documents\St.Barnabas Brvment
2016-12-04 09:38 - 2015-10-16 10:57 - 00000000 ____D C:\Users\valerie\Documents\Computer stuff
2016-12-03 14:58 - 2016-11-08 10:37 - 00000000 ____D C:\Users\valerie\Desktop\Evergreen news
2016-11-30 15:07 - 2013-03-03 12:38 - 00000000 ____D C:\Users\valerie\Desktop\Trains for sorting
2016-11-28 15:14 - 2016-02-03 13:42 - 00000000 ____D C:\Users\valerie\Documents\Music notes
2016-11-27 00:14 - 2012-05-31 10:33 - 00000000 ____D C:\Users\valerie\Documents\Waltham Mill Railway 4th 20.8 KB

==================== Files in the root of some directories =======

2007-09-19 12:02 - 2007-09-19 12:02 - 0774144 _____ (RealNetworks, Inc.) C:\Program Files\RngInterstitial.dll
2010-04-06 19:23 - 2010-04-06 19:23 - 16409960 _____ (Safer Networking Limited ) C:\Program Files\spybotsd162.exe
2015-04-19 17:35 - 2015-04-20 07:00 - 0000053 _____ () C:\Users\valerie\AppData\Roaming\LogFile.txt
2007-10-15 18:05 - 2011-05-06 13:51 - 0000680 _____ () C:\Users\valerie\AppData\Local\d3d9caps.dat
2007-08-24 09:29 - 2016-12-26 09:10 - 0060928 _____ () C:\Users\valerie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-09-20 08:24 - 2010-11-27 19:35 - 0000118 _____ () C:\Users\valerie\AppData\Local\DownloadLog.txt
2011-05-21 15:10 - 2011-05-21 15:11 - 0000000 _____ () C:\Users\valerie\AppData\Local\{83FB0A07-5C3A-4242-839C-60C562C72A87}
2013-07-19 09:32 - 2013-07-19 09:32 - 15985837 _____ () C:\ProgramData\SPL51CD.tmp
2012-03-24 10:30 - 2012-03-24 10:30 - 2409340 _____ () C:\ProgramData\SPL5456.tmp
2013-10-20 08:46 - 2013-10-20 08:46 - 0597668 _____ () C:\ProgramData\SPL6315.tmp
2012-05-21 12:12 - 2012-05-21 12:12 - 0514329 _____ () C:\ProgramData\SPL777F.tmp
2012-05-21 11:33 - 2012-05-21 11:33 - 0514329 _____ () C:\ProgramData\SPL7F3E.tmp
2013-10-19 09:36 - 2013-10-19 09:36 - 0597668 _____ () C:\ProgramData\SPLAE87.tmp
2012-03-24 10:04 - 2012-03-24 10:04 - 2409340 _____ () C:\ProgramData\SPLCC55.tmp
2007-10-30 16:14 - 2007-10-30 16:14 - 0474688 _____ () C:\ProgramData\SPLCF13.tmp

Some files in TEMP:
====================
C:\Users\valerie\AppData\Local\Temp\DefaultPack.EXE
C:\Users\valerie\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\valerie\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\valerie\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-26 23:53

==================== End of FRST.txt ============================

Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-12-2016
Ran by valerie (27-12-2016 10:29:35)
Running from C:\Users\valerie\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-06-15 13:49:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1343853513-471013651-1662923988-500 - Administrator - Disabled)
Guest (S-1-5-21-1343853513-471013651-1662923988-501 - Limited - Enabled)
valerie (S-1-5-21-1343853513-471013651-1662923988-1000 - Administrator - Enabled) => C:\Users\valerie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

100% Hidden Objects (HKLM\...\BFG-100 Percent Hidden Objects) (Version: - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.45 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{7A9FC484-2002-39E6-EF93-990C8A0D6F96}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)
BT Broadband Talk Softphone 2.0 (HKLM\...\BT Broadband Talk Softphone Frontier_is1) (Version: - BT)
BTTotalBroadband220V (HKLM\...\BT Total Broadband 220V) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Chuzzle Deluxe 1.01 (HKLM\...\Chuzzle Deluxe 1.01) (Version: - )
CPUID HWMonitor 1.17 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Cradle of Egypt (HKLM\...\BFG-Cradle of Egypt) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Printer Software Downloader (HKLM\...\Epson Printer Software Downloader) (Version: - )
Epson Printer Software Downloader (Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Epson Stylus SX210_SX410_TX210_TX410 Manual (HKLM\...\Epson Stylus SX210_SX410_TX210_TX410 User’s Guide) (Version: - )
EPSON SX210 Series Printer Uninstall (HKLM\...\EPSON SX210 Series) (Version: - SEIKO EPSON Corporation)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
File Signature Verification (HKLM\...\chklogo) (Version: - Microsoft Corporation)
Garmin Communicator Plugin (HKLM\...\{EFF87108-C9D0-43F1-BEE1-28DA87778F1A}) (Version: 2.8.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{E0783143-EAE2-4047-A8D6-E155523C594C}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)
Google Earth (HKLM\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HydraVision (Version: 4.2.152.0 - ATI Technologies Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Jar of Marbles (HKLM\...\BFG-Jar of Marbles) (Version: - )
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jigs@w Puzzle 2 (HKLM\...\{E9618350-E3C0-450b-828A-33EB3F5A941A}) (Version: - Tibo Software)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech SetPoint 6.22 (HKLM\...\sp6) (Version: 6.22.24 - Logitech)
Luxor Bundle Pack (HKLM\...\BFG-Luxor Bundle Pack) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (HKLM\...\{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}) (Version: 3.0.133.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-GB)) (Version: 49.0.1 - Mozilla)
Mozilla Firefox 50.1.0 (x86 en-GB) (HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\MyFreeCodec) (Version: - )
Noah's Ark Deluxe 1.1 (HKLM\...\Noah's Ark Deluxe 1.1) (Version: - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
PCI Soft Voice SoftRing Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.0.0 - Conexant Systems)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
RealArcade (HKLM\...\RealArcade 1.2) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5404 - Realtek Semiconductor Corp.)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
ScanGuard 1.22.7 (HKLM\...\ScanGuard) (Version: 1.22.7 - ScanGuard)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
Tesco Easy Record (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.31 - Sonic Solutions)
Tesco Personal Finance 1.0 (HKLM\...\Tesco Personal Finance 1.0) (Version: - Tesco)
Tesco Photobook Creator (HKLM\...\Tesco Photobook Creator_is1) (Version: - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Vivitar Experience Image Manager (HKLM\...\Vivitar Experience Image Manager) (Version: - )
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Word Web Deluxe (HKLM\...\BFG-Word Web Deluxe) (Version: - )
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
Yahoo! BrowserPlus 2.9.2 (HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A4C68457-E642-4354-8E6E-873076FB9FB6}\InprocServer32 -> C:\Users\valerie\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\YBPAddon_2.9.2.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\SYSTEM32\actxprxy.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00174B35-32E4-44B9-940D-209ED9BACC9E} - System32\Tasks\{73AA2CD6-CAD3-4721-89B5-E3452E6AFAFA} => pcalua.exe -a "C:\Program Files\Tesco Personal Finance\uninstall.exe"
Task: {03E5FB7A-C722-4508-B574-8514F1A1C8D6} - System32\Tasks\SafeBytes.AutoScheduledScanWeekOne => C:\Program Files\SafeBytes\safebytes.exe
Task: {04F98558-1D21-49F5-98F0-E2CD3B4B3AE0} - System32\Tasks\{BBDD49CB-3815-4BD6-83EE-80159BD9F933} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{1C0FBAAA-02E1-4FA0-B68F-A17A2786D8B8}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {256A0AF9-EB2B-4675-A31E-DA1D00A5FB3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {43476512-A033-4A98-9EBA-EB4E8EABBAF8} - System32\Tasks\{59AF0045-13DB-4F00-958F-5FAD84A0C32A} => pcalua.exe -a K:\setup.exe -d K:\
Task: {4B12814A-0278-4AE2-942A-2C2D76FCBB93} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {5D2E770A-163C-4DBD-9461-78004ABA254E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {67F29650-86CE-4A2D-BC3E-9DB0EACA13CF} - System32\Tasks\{3660E0B3-09A1-4A9A-9284-36C25AA3FE35} => pcalua.exe -a "C:\Program Files\MSN Games\Bricks of Egypt\Uninstall.exe" -c "C:\Program Files\MSN Games\Bricks of Egypt\install.log"
Task: {6D6B60DB-E737-47EC-BB52-BE392745BBEC} - System32\Tasks\{708ED796-EFCC-4AA5-B076-56E5FFECC07D} => pcalua.exe -a "C:\Program Files\PopCap Games\Noah's Ark Deluxe\PopUninstall.exe" -c "C:\Program Files\PopCap Games\Noah's Ark Deluxe\Install.log"
Task: {73562AC1-83E0-465E-AC0D-9A2F9D45EC59} - System32\Tasks\{BF35C40C-9B64-41B7-87AF-DD649973324B} => pcalua.exe -a "C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H803DTMW\BTBroadbandDesktopHelpUpgradeAdvisor[1].exe" -d C:\Users\valerie\Desktop
Task: {7FAA36D6-D12C-480D-A53C-9E4189AFAA69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {814AF987-DF13-466A-9BBF-731FA9ED9F19} - System32\Tasks\{3F37112C-66E7-40F1-989D-0B4323D482FB} => pcalua.exe -a "C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENJZG3OM\RealArcade-Installer_superjigsawlandscapes_ambient[1].exe" -d C:\Users\valerie\Desktop
Task: {831BB630-6178-4F11-AD02-D0990759372A} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {BE0A69F2-645D-48D9-96FC-F6F77AFF52B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {E45873CE-73E0-47C0-B992-B78961396371} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\valerie\AppData\Local\Temp\IHU8323.tmp.exe <==== ATTENTION
Task: {E8817263-B960-4694-AB18-D90D885080B3} - System32\Tasks\User_Feed_Synchronization-{FD04D118-7ADD-45FF-9BC4-CC3188C3ED40}
Task: {EE03B125-D2BE-45C6-A291-FA1435F5EF9C} - System32\Tasks\Microsoft\Windows\RestartManager\{01F03597-8273-4e5d-9D17-DC769DB71D28} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {F47ABE44-D9A3-4515-850C-6A99F3D73241} - System32\Tasks\SafeBytes.AutoScheduledScanPostWeekOne => C:\Program Files\SafeBytes\safebytes.exe
Task: {F7631F9D-7067-4EB7-A10E-B954351C3BBE} - System32\Tasks\{E47480C0-5F1D-4DB3-9730-5777A95CAED0} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
Task: {FD7E32D2-FADB-4899-ADF0-57015DD687FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE
Task: C:\Windows\Tasks\ParetoLogic Registration.job => rundll32.exe C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-12-14 11:44 - 2016-12-07 19:15 - 00020592 _____ () C:\Program Files\ScanGuard\SecurityService.exe
2016-12-14 11:44 - 2016-04-15 16:44 - 00062976 _____ () C:\Program Files\ScanGuard\LinqBridge.dll
2016-12-14 11:44 - 2016-12-07 19:14 - 00138240 _____ () C:\Program Files\ScanGuard\AviraLib.dll
2016-12-14 11:44 - 2016-12-07 19:13 - 00240128 _____ () C:\Program Files\ScanGuard\Utilizr.dll
2016-12-14 11:44 - 2016-12-07 19:14 - 00731136 _____ () C:\Program Files\ScanGuard\Engine.Win.dll
2016-12-14 11:44 - 2016-12-07 19:13 - 00019968 _____ () C:\Program Files\ScanGuard\Utilizr.VPN.Win.dll
2016-12-14 11:44 - 2016-12-07 19:14 - 00096256 _____ () C:\Program Files\ScanGuard\SSCore.dll
2014-12-09 17:47 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-12-09 17:47 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:4A93D042 [225]
AlternateDataStreams: C:\ProgramData\TEMP:571CCF8E [476]
AlternateDataStreams: C:\ProgramData\TEMP:639BB5E9 [245]
AlternateDataStreams: C:\ProgramData\TEMP:8684F6F0 [216]
AlternateDataStreams: C:\ProgramData\TEMP:9F683177 [266]
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899 [516]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\vodafone.net -> hxxps://www.vodafone.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2015-04-17 23:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\valerie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^valerie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^valerie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
MSCONFIG\startupreg: FaxCenterServer => "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LXCYCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
MSCONFIG\startupreg: lxcymon.exe => "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
MSCONFIG\startupreg: Pareto_Update => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMP-Out-TCP] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{AEDAB11D-CFFF-4E5E-9E43-4D5B2ABCEE1B}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{20796941-55A5-44E0-A447-EDE04A5EE083}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{AC4A77F3-F6B7-41F9-A429-F2F5CE280A08}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{E6CA3C00-5519-4994-A7E3-976645D87974}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{12CB731C-E8BF-4855-9F10-764CAF032411}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BF02D282-94B4-4EB4-8926-4CDD35E2B611}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{21AB6C23-E1F0-4651-9EA0-30A05C6B72D5}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{87C5C7B5-D630-4555-AD71-EA00B492AA10}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{32621554-6D90-4ECC-91F2-4A713E27C001}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [UDP Query User{7048D18E-36E5-4444-8B86-9F9CB8581D5F}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [TCP Query User{2841122D-18EA-4CDA-9435-D73B1E3AE746}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [UDP Query User{9792310B-05ED-4F60-B20D-453427C663C6}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [TCP Query User{E904E664-5DCF-48B2-ACC4-0FA1C248A64C}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [UDP Query User{6596FC35-5965-4B26-95D2-78172F63A891}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [TCP Query User{270282F2-360D-4FB6-BCF2-1845A3BBE9CE}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C598AE8C-F85E-4A55-A068-8322101DC0FE}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{5A5C9057-1704-4DF1-867A-CCFFA51F5934}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0ACBFECB-FB93-47FC-B7AB-18E12B8AB392}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{61D60731-9D46-43EA-9407-6F1835039F5D}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ACA465BC-393A-4CEF-8E32-250175449795}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F03337FE-1015-4BB8-8321-44929E3B1C85}] => C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-09-2016 07:33:05 Windows Update
07-09-2016 07:22:56 Scheduled Checkpoint
07-09-2016 23:01:30 Scheduled Checkpoint
09-09-2016 07:42:26 Scheduled Checkpoint
10-09-2016 07:24:39 Scheduled Checkpoint
11-09-2016 15:32:18 Scheduled Checkpoint
12-09-2016 07:06:38 Scheduled Checkpoint
13-09-2016 06:35:27 Windows Update
11-10-2016 16:54:55 Installed Speed Fix Tool Plus
11-10-2016 22:23:52 Removed Speed Fix Tool Plus
14-12-2016 11:42:28 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
16-12-2016 13:50:12 Windows Update
23-12-2016 09:23:34 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2016 09:56:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3LU1VB8P.DEFAULT-1475517116985\SESSIONSTORE-BACKUPS\RECOVERY.JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/27/2016 09:56:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3LU1VB8P.DEFAULT-1475517116985\SESSIONSTORE-BACKUPS\RECOVERY.JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/27/2016 09:56:03 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3LU1VB8P.DEFAULT-1475517116985\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/27/2016 09:56:03 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3LU1VB8P.DEFAULT-1475517116985\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/26/2016 11:47:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\FACEBOOK.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/26/2016 11:47:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\FACEBOOK.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/26/2016 11:47:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\DROPDOWN.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/26/2016 11:47:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\DROPDOWN.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/26/2016 11:47:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\CONNECTION.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/26/2016 11:47:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\CONNECTION.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (12/26/2016 11:36:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WNMFLT

Error: (12/26/2016 11:36:05 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.

Error: (12/26/2016 11:36:05 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.

Error: (12/26/2016 11:27:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WNMFLT

Error: (12/26/2016 11:27:05 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.

Error: (12/26/2016 11:27:05 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.

Error: (12/26/2016 11:23:14 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (12/26/2016 08:55:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WNMFLT

Error: (12/26/2016 08:54:47 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.

Error: (12/26/2016 08:54:47 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.


CodeIntegrity:
===================================
Date: 2016-12-14 14:37:52.294
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 14:37:51.511
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 14:37:50.617
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 14:37:49.619
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 14:37:41.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 14:37:41.063
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 14:37:40.256
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 14:37:39.235
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 14:37:37.032
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 14:37:34.789
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of memory in use: 73%
Total physical RAM: 2037.44 MB
Available physical RAM: 543.27 MB
Total Virtual: 4320.12 MB
Available Virtual: 2040.73 MB

==================== Drives ================================

Drive c: (Partition_1) (Fixed) (Total:221.69 GB) (Free:109.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.19 GB) (Free:3.29 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 063912D2)
Partition 1: (Active) - (Size=221.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR Log:

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-12-27 10:40:29
-----------------------------
10:40:29.893 OS Version: Windows 6.0.6002 Service Pack 2
10:40:29.894 Number of processors: 2 586 0x602
10:40:29.897 ComputerName: REPLACEMENTPC UserName: valerie
10:40:53.966 Initialize success
10:40:54.549 VM: initialized successfully
10:40:54.554 VM: Intel CPU supported
10:40:58.953 VM: disk I/O atapi.sys
10:45:30.447 The log file has been saved successfully to "C:\Users\valerie\Desktop\aswMBR.txt"


Many thanks.

Juliet
2016-12-27, 19:45
Let's see if we can make it run better.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <======= ATTENTION
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {D3B96B60-60D2-4750-A2F3-89C0CDB26A9E} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {F8EBD1FA-411D-4840-848F-74F59FE14D41} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^GB&gct=&itbv=12.24.1.51&apn_uid=FB598443-4F0C-4C01-8747-34C81DFE66D9&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^GB&apn_dbr=ie_9.0.8112.16636&doi=2015-04-15&trgb=IE&q={searchTerms}&psv=&pt=tb
Toolbar: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
S4 blbdrive; no ImagePath
S3 IpInIp; no ImagePath
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 NwlnkFlt; no ImagePath
S3 NwlnkFwd; no ImagePath
S3 PavSRK.sys; no ImagePath
S3 PavTPK.sys; no ImagePath
S1 WNMFLT; no ImagePath
C:\Users\valerie\AppData\Local\Temp\DefaultPack.EXE
C:\Users\valerie\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\valerie\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\valerie\AppData\Local\Temp\vcredist_x86.exe
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:4A93D042 [225]
AlternateDataStreams: C:\ProgramData\TEMP:571CCF8E [476]
AlternateDataStreams: C:\ProgramData\TEMP:639BB5E9 [245]
AlternateDataStreams: C:\ProgramData\TEMP:8684F6F0 [216]
AlternateDataStreams: C:\ProgramData\TEMP:9F683177 [266]
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899 [516]
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree the Eula:
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~
please post
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt

Charval
2016-12-28, 12:14
Hi Juliet,

We had some problems with Adware - some of the files we had to manually delete as the program kept hanging at teh cleaning part. we ended up doing it in small sections, so ther are 2 clean logs - plus the files we manually deleted - so we eventually ended up with a clean scan.

FixLog:

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-12-2016
Ran by valerie (27-12-2016 19:42:43) Run:2
Running from C:\Users\valerie\Desktop
Loaded Profiles: valerie (Available Profiles: valerie)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <======= ATTENTION
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {D3B96B60-60D2-4750-A2F3-89C0CDB26A9E} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {F8EBD1FA-411D-4840-848F-74F59FE14D41} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^GB&gct=&itbv=12.24.1.51&apn_uid=FB598443-4F0C-4C01-8747-34C81DFE66D9&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^GB&apn_dbr=ie_9.0.8112.16636&doi=2015-04-15&trgb=IE&q={searchTerms}&psv=&pt=tb
Toolbar: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
S4 blbdrive; no ImagePath
S3 IpInIp; no ImagePath
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 NwlnkFlt; no ImagePath
S3 NwlnkFwd; no ImagePath
S3 PavSRK.sys; no ImagePath
S3 PavTPK.sys; no ImagePath
S1 WNMFLT; no ImagePath
C:\Users\valerie\AppData\Local\Temp\DefaultPack.EXE
C:\Users\valerie\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\valerie\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\valerie\AppData\Local\Temp\vcredist_x86.exe
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:4A93D042 [225]
AlternateDataStreams: C:\ProgramData\TEMP:571CCF8E [476]
AlternateDataStreams: C:\ProgramData\TEMP:639BB5E9 [245]
AlternateDataStreams: C:\ProgramData\TEMP:8684F6F0 [216]
AlternateDataStreams: C:\ProgramData\TEMP:9F683177 [266]
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899 [516]
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D3B96B60-60D2-4750-A2F3-89C0CDB26A9E} => key not found.
HKCR\CLSID\{D3B96B60-60D2-4750-A2F3-89C0CDB26A9E} => key not found.
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key not found.
HKCR\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key not found.
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8EBD1FA-411D-4840-848F-74F59FE14D41} => key not found.
HKCR\CLSID\{F8EBD1FA-411D-4840-848F-74F59FE14D41} => key not found.
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value not found.
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2 => key not found.
"C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll" => not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2 => key not found.
"C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll" => not found.
blbdrive => service not found.
IpInIp => service not found.
MBAMSwissArmy => service not found.
MREMP50 => service not found.
MREMPR5 => service not found.
MRENDIS5 => service not found.
MRESP50 => service not found.
NwlnkFlt => service not found.
NwlnkFwd => service not found.
PavSRK.sys => service not found.
PavTPK.sys => service not found.
WNMFLT => service not found.
"C:\Users\valerie\AppData\Local\Temp\DefaultPack.EXE" => not found.
"C:\Users\valerie\AppData\Local\Temp\jre-8u101-windows-au.exe" => not found.
"C:\Users\valerie\AppData\Local\Temp\jre-8u111-windows-au.exe" => not found.
"C:\Users\valerie\AppData\Local\Temp\vcredist_x86.exe" => not found.
"C:\ProgramData\TEMP" => ":2CB9631F" ADS not found.
"C:\ProgramData\TEMP" => ":4A93D042" ADS not found.
"C:\ProgramData\TEMP" => ":571CCF8E" ADS not found.
"C:\ProgramData\TEMP" => ":639BB5E9" ADS not found.
"C:\ProgramData\TEMP" => ":8684F6F0" ADS not found.
"C:\ProgramData\TEMP" => ":9F683177" ADS not found.
"C:\ProgramData\TEMP" => ":BC8E9899" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2105896 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
valerie => 636712673 B

RecycleBin => 838770238 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:45:17 ====

JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows Vista (TM) Home Premium x86
Ran by valerie (Administrator) on 27/12/2016 at 21:56:37.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 81

Failed to delete: C:\Program Files\scanguard (Folder)
Failed to delete: C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZ6MJFND (Temporary Internet Files Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{0582FCDD-4BBE-4723-AAB7-731766650E8D} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{065DEBD7-E533-49CB-85D7-5D29A59528F9} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{072DCDB8-AA3E-4EDC-B738-5924A705DDEC} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{0B3F1270-D0FD-4353-AC26-CF0759110E8F} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{0BF23054-F3D6-436F-A7FD-308BBF90AD4F} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{0EDE907E-FEA1-459A-887A-182A5D0A50F0} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{1380C9AA-46A4-4214-85ED-2792CAF913A9} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{198E487D-2535-478F-8D64-2ECBD5491A15} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{1D142227-659F-4E72-906D-3A5FF68326E7} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{241C85B5-0B1D-424E-A07B-EAD067103983} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{24310BEA-EF72-4DED-A57B-C8EA497AA5F6} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{2447154A-5518-40FC-BC9D-E381A60FAA31} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{2EB6A4C7-49E5-4234-A381-25817B2182FE} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{322D01DC-305B-446A-86EA-B1FF2ED72623} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{32603009-819E-4ABC-AE06-DEA121BB3F95} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{34155C4C-975E-46FD-BD62-A8C92349DE91} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{3A76B8A7-9CB9-446F-B9B8-2B1484DEB99F} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{3C4773BA-8B51-441A-B7EA-C7D108103CCA} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{464426C1-A114-486F-93C5-ED8F573EBE8B} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{46C567FF-1814-46AA-B011-86D5F3EAB5EC} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{4C1D5001-01FD-4D35-A653-DCBEC95BC254} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{577D9B8B-8CB5-404A-A710-E53143140B17} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{62CBAE61-2CF9-4A67-B0CD-B63568285581} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{64FB2646-38C4-4F28-83B2-D1B3C4C088C4} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{682CF16D-ED4C-4805-87B4-A06A1845C173} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{68D0A0BC-628D-40C5-B78E-D091AD1C13D5} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{6E81CBAB-3B8C-4AED-B4FB-245E18744726} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{6FDBB836-0A44-4352-B0D3-E13E7C34A0D0} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{7157CC3F-3ED7-4E9F-B8C0-E14526563930} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{7352B873-6254-4719-AC04-17A2ECB77DA1} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{748F9D72-9CB4-45FE-80AD-F7A2273766CE} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{77951D2A-03D8-4DA7-9C77-C158654537E9} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{88ACE350-0C5C-4EAB-937A-D5FCF87FC1C6} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{8AA44A63-3994-4A9D-90A7-B592E4F35659} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{9261DDC4-A905-4B73-9B61-8F57E097773E} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{987A404B-B0FB-4645-B191-7156926735E7} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{A577FB38-E488-46BF-B796-9A577EC24F3A} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{AEE789C1-305E-4CE6-B486-61B04DCCF05A} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{AFA5CB65-00E6-4EED-B9D4-3E2F97EC65B9} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{B356DF2B-46BE-450A-A81F-00BB4A298BB6} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{B6113805-D4FE-4EF6-9094-776C045E7DE4} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{B935E624-FAB8-42C2-986C-248667092518} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{BBFF8A5B-2088-41B7-B04C-EAA8FBF0049C} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{C837F331-67AB-4624-9049-9C144D264C54} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{C96C287A-3D25-467B-AFC3-4316D9D50D22} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{CE4EEE5F-6F4F-4997-ADF3-5BE42F4E9A71} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{CFBC5F11-08EA-4467-83A1-449218D6617A} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{D51A1046-1E59-4465-9E43-530E948390AB} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{DD0F0B80-1AAE-45C1-BB54-D8B2E3BE4F28} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{F2CCBB15-62DD-484E-9DBC-63C887D8F217} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{F3CC7D77-101F-484A-95A8-4310B930AF03} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{F90D1409-D798-47A7-8244-CB6625528F00} (Empty Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\{FCB4B6D4-D467-48DE-9518-93D4CBC5D4B3} (Empty Folder)
Successfully deleted: C:\Windows\Tasks\ParetoLogic Registration.job (Task)
Successfully deleted: C:\Windows\Tasks\ParetoLogic Update Version2.job (Task)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\ProgramData\SPL51CD.tmp (File)
Successfully deleted: C:\ProgramData\SPL5456.tmp (File)
Successfully deleted: C:\ProgramData\SPL6315.tmp (File)
Successfully deleted: C:\ProgramData\SPL777F.tmp (File)
Successfully deleted: C:\ProgramData\SPL7F3E.tmp (File)
Successfully deleted: C:\ProgramData\SPLAE87.tmp (File)
Successfully deleted: C:\ProgramData\SPLCC55.tmp (File)
Successfully deleted: C:\ProgramData\SPLCF13.tmp (File)
Successfully deleted: C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01F6VRGH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CS4LRVR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O9WY3NO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96RNQN8Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6224GP6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F11XQAO7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4XJXWGL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01F6VRGH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CS4LRVR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O9WY3NO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96RNQN8Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZ6MJFND (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6224GP6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F11XQAO7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4XJXWGL (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/12/2016 at 22:08:58.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adware Log:

C1

# AdwCleaner v6.041 - Logfile created 27/12/2016 at 20:31:18
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-26.3 [Local]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Username : valerie - REPLACEMENTPC
# Running from : C:\Users\valerie\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[!] Folder not deleted: C:\Users\valerie\AppData\Local\AskPartnerNetwork
[!] Folder not deleted: C:\Users\valerie\AppData\Local\DriverToolkit
[!] Folder not deleted: C:\Users\valerie\AppData\Local\YSearchUtil
[!] Folder not deleted: C:\Users\valerie\AppData\LocalLow\Yahoo!\Companion
[!] Folder not deleted: C:\Users\valerie\AppData\Roaming\SparkTrust
[!] Folder not deleted: C:\Users\valerie\AppData\Roaming\Yahoo!\Companion
[!] Folder not deleted: C:\ProgramData\apn
[!] Folder not deleted: C:\ProgramData\AskPartnerNetwork
[!] Folder not deleted: C:\ProgramData\SparkTrust
[!] Folder not deleted: C:\ProgramData\Application Data\apn
[!] Folder not deleted: C:\ProgramData\Application Data\AskPartnerNetwork
[!] Folder not deleted: C:\ProgramData\Application Data\SparkTrust
[!] Folder not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[!] Folder not deleted: C:\Program Files\DriverToolkit
[!] Folder not deleted: C:\Program Files\Yahoo!\Companion
[!] Folder not deleted: C:\Program Files\Yahoo!\yset
[!] Folder not deleted: C:\Windows\system32\config\systemprofile\AppData\Local\YSearchUtil
[!] Folder not deleted: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Yahoo! Companion
[!] Folder not deleted: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
[!] Folder not deleted: C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo


***** [ Files ] *****

[-] File deleted: C:\Program Files\Yahoo!\Common\unyt.exe
[-] File deleted: C:\Users\valerie\AppData\Roaming\Mozilla\Firefox\Profiles\3lu1vb8p.default-1475517116985\extensions\jid1-16aeif9OQIRKxA@jetpack.xpi


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: IHUninstallTrackingTASK


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
[-] Key deleted: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F5CC67F7-F6BA-44E3-98EC-EA17D17E6479}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD125908-5F10-409F-9C01-F2207CA18887}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
[-] Key deleted: HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\AskPartnerNetwork
[-] Key deleted: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\distromatic
[-] Key deleted: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\DriverToolkit
[-] Key deleted: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\SparkTrust\SparkTrust PC Cleaner Plus
[-] Key deleted: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\SparkTrust\UNS\SparkTrust PC Cleaner Plus
[-] Key deleted: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\sparktrust
[-] Key deleted: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F524A2D-5350-4500-76A7-A758B70C1801}
[-] Key deleted: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
[-] Key deleted: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! SearchSet
[-] Key deleted: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\AskPartnerNetwork
[#] Key deleted on reboot: HKCU\Software\distromatic
[#] Key deleted on reboot: HKCU\Software\DriverToolkit
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\SparkTrust\SparkTrust PC Cleaner Plus
[#] Key deleted on reboot: HKCU\Software\SparkTrust\UNS\SparkTrust PC Cleaner Plus
[#] Key deleted on reboot: HKCU\Software\sparktrust
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\AskPartnerNetwork
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\SparkTrust\SparkTrust PC Cleaner Plus
[-] Key deleted: HKLM\SOFTWARE\sparktrust
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F524A2D-5350-4500-76A7-A758B70C1801}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! SearchSet
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89EA4F1B8FBCDEF47AE328E455E28AA0
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97ECFF59EE08D4F47BB1464DEC37DA87
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8CB937199A57E748B6AC433DA453EE2
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4E78E12704AFCE408C7FBE501F1AA0A
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F0390A76D28822743A68D7F1AB22E6D0
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A5AC497E6BBC8D45BE8AD6619DA8217
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo


***** [ Web browsers ] *****

[!] [uk.ask.com] [Search ProviderWeb data] not deleted:
[!] [uk.searchnow.com] [Search ProviderWeb data] not deleted:
[!] [npdicihegicnhaangkdmcgbjceoemeoo] [extensionSecure Preferences ] not deleted:


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [20128 Bytes] - [27/12/2016 20:31:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [19174 Bytes] - [27/12/2016 20:03:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [19247 Bytes] - [27/12/2016 20:20:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [19321 Bytes] - [27/12/2016 20:29:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [20424 Bytes] ##########

C2

# AdwCleaner v6.041 - Logfile created 27/12/2016 at 21:03:20
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-26.3 [Local]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Username : valerie - REPLACEMENTPC
# Running from : C:\Users\valerie\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[!] Folder not deleted: C:\Users\valerie\AppData\Local\AskPartnerNetwork
[!] Folder not deleted: C:\Users\valerie\AppData\Local\DriverToolkit
[!] Folder not deleted: C:\Users\valerie\AppData\Local\YSearchUtil
[!] Folder not deleted: C:\Users\valerie\AppData\LocalLow\Yahoo!\Companion
[!] Folder not deleted: C:\Users\valerie\AppData\Roaming\SparkTrust
[!] Folder not deleted: C:\Users\valerie\AppData\Roaming\Yahoo!\Companion
[!] Folder not deleted: C:\ProgramData\apn
[!] Folder not deleted: C:\ProgramData\AskPartnerNetwork
[!] Folder not deleted: C:\ProgramData\Application Data\apn
[!] Folder not deleted: C:\ProgramData\Application Data\AskPartnerNetwork
[!] Folder not deleted: C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.searchnow.com
[-] [C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: npdicihegicnhaangkdmcgbjceoemeoo


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [20504 Bytes] - [27/12/2016 20:31:18]
C:\AdwCleaner\AdwCleaner[C2].txt - [2022 Bytes] - [27/12/2016 21:03:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [19174 Bytes] - [27/12/2016 20:03:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [19247 Bytes] - [27/12/2016 20:20:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [19321 Bytes] - [27/12/2016 20:29:25]
C:\AdwCleaner\AdwCleaner[S3].txt - [3047 Bytes] - [27/12/2016 20:38:38]
C:\AdwCleaner\AdwCleaner[S4].txt - [3120 Bytes] - [27/12/2016 20:52:46]
C:\AdwCleaner\AdwCleaner[S5].txt - [2603 Bytes] - [27/12/2016 21:02:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2536 Bytes] ##########

These are the folders that we manually deleted.

Many thanks

Charval
2016-12-28, 12:31
Just realised that I have posted the Fixlog you gave us, here's the Fixlist

start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe
C:\Users\valerie\AppData\Local\Temp\APNSetup.exe
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\2522d6cb-51727cbf
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\5adc8ecb-68fd50c7
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\67b8e50d-318f1afd
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\34da9697-55ad39d9
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5b9b465b-349f0691
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\51a00022-647d41c5
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\58dc5268-4fd1fa2f
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\6f0aa3aa-59e28241
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\511c2e2f-28e933c2
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\209caf7f-3e8471b1
EmptyTemp:
End

Juliet
2016-12-28, 13:16
some of the files we had to manually delete as the program kept hanging at teh cleaning part. we ended up doing it in small sections, so ther are 2 clean logs - plus the files we manually deleted - so we eventually ended up with a clean scan.

I am so glad you did that, many would had stopped there.

Are you seeing any improvements?

~~~~~~~~~~~

Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/)


Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

Charval
2016-12-28, 20:18
Hi Juliet,

I have unnstalled some programs that are not needed - Ask toolbar, Yahoo browser / tool bar, Google tool bar & Google Chrome as it isn't supported on Vista anymore - couldn't open the program. Al these were done before reboot but after the scan was run.

Computer still slow, but better than it has been.

here's the Malbytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/28/16
Scan Time: 3:44 PM
Logfile: Malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.877
License: Trial

-System Information-
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: replacementpc\valerie

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 271604
Time Elapsed: 1 hr, 39 min, 23 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.ScanGuard, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SECURITYSERVICE, Delete-on-Reboot, [2767], [347132],1.0.877
PUP.Optional.ScanGuard, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ScanGuard, Delete-on-Reboot, [2767], [347134],1.0.877

Registry Value: 1
PUP.Optional.ScanGuard, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SECURITYSERVICE|IMAGEPATH, Delete-on-Reboot, [2767], [347132],1.0.877

Data Stream: 0
(No malicious items detected)

Folder: 90
PUP.Optional.PCMightyMax, C:\Users\valerie\AppData\Roaming\PCMM2009\diagnostic, Delete-on-Reboot, [13481], [234594],1.0.877
PUP.Optional.PCMightyMax, C:\USERS\VALERIE\APPDATA\ROAMING\PCMM2009, Delete-on-Reboot, [13481], [234594],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\topapps\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\weather\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\radio\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\defaultSearch\foreground, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\embedscript\html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\topapps, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\weather, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\embedhtml\html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\radio, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\test, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\embedscript, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\flare\icons, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\menu\images, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\radio\radioWrapper, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\rss, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\moviereviews\html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\embedhtml, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\menu\html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\moviereviews\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\menu\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\defaultSearch, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\supertab\html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\moviereviews, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\supertab\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\flare, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\menu, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\search\html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\api\window, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\radio\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\supertab, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\search, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\radio, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\api, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\_metadata, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\shared, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\icons, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\USERS\VALERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\POBEGIHDJNIEFKLCNKENODEPCHEBOFNN, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\topapps\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\weather\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\radio\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\defaultSearch\foreground, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\embedscript\html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\topapps, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\weather, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\embedhtml\html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\radio, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\test, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\embedscript, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\flare\icons, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\menu\images, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\radio\radioWrapper, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\rss, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\moviereviews\html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\embedhtml, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\menu\html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\moviereviews\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\menu\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\defaultSearch, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\supertab\html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\moviereviews, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\supertab\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\flare, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\menu, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\search\html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\api\window, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\radio\css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\supertab, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\search, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\radio, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\api, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\_metadata, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\shared, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\icons, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\USERS\VALERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MDIFMMBIBDALCLBBOJMGGOLMKJOLLAHI, Delete-on-Reboot, [343], [301932],1.0.877

File: 187
PUP.Optional.PCMightyMax, C:\USERS\VALERIE\APPDATA\ROAMING\LICENSES\PCMIGHTYMAXD02439F6-C1DD-4F7B-9B01-93B9351D1876, Delete-on-Reboot, [13481], [234593],1.0.877
PUP.Optional.TotalSystemCare, C:\$RECYCLE.BIN\S-1-5-21-1343853513-471013651-1662923988-1000\$R7BIX86.EXE, Delete-on-Reboot, [2379], [352854],1.0.877
PUP.Optional.ScanGuard, C:\$RECYCLE.BIN\S-1-5-21-1343853513-471013651-1662923988-1000\$RV2DTT0.EXE, Delete-on-Reboot, [2767], [347644],1.0.877
PUP.Optional.OpenCandy, C:\$RECYCLE.BIN\S-1-5-21-1343853513-471013651-1662923988-1000\$RPOT547.EXE, Delete-on-Reboot, [645], [123245],1.0.877
PUP.Optional.ScanGuard, C:\$RECYCLE.BIN\S-1-5-21-1343853513-471013651-1662923988-1000\$RSRGNG7.EXE, Delete-on-Reboot, [2767], [347644],1.0.877
PUP.Optional.PCMightyMax, C:\USERS\VALERIE\APPDATA\ROAMING\PCMM2009\PCMM2009-CONFIGURATION, Delete-on-Reboot, [13481], [234594],1.0.877
PUP.Optional.PCMightyMax, C:\Users\valerie\AppData\Roaming\PCMM2009\diagnostic\last-scan, Delete-on-Reboot, [13481], [234594],1.0.877
PUP.Optional.ScanGuard, C:\PROGRAM FILES\SCANGUARD\SECURITYSERVICE.EXE, Delete-on-Reboot, [2767], [347132],1.0.877
PUP.Optional.ScanGuard, C:\$RECYCLE.BIN\S-1-5-21-1343853513-471013651-1662923988-1000\$RBFQR9M.EXE, Delete-on-Reboot, [2767], [347644],1.0.877
PUP.Optional.TotalSystemCare, C:\$RECYCLE.BIN\S-1-5-21-1343853513-471013651-1662923988-1000\$R7KEKH6.EXE, Delete-on-Reboot, [2379], [352854],1.0.877
PUP.Optional.TotalSystemCare, C:\$RECYCLE.BIN\S-1-5-21-1343853513-471013651-1662923988-1000\$RAA3SLW.EXE, Delete-on-Reboot, [2379], [352854],1.0.877
PUP.Optional.MindSpark, C:\USERS\VALERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\POBEGIHDJNIEFKLCNKENODEPCHEBOFNN\12.202.10.30453_0\MANIFEST.JSON, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\embedhtml\html\embedHtmlTemplate.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\embedscript\html\embedScriptTemplate.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\flare\icons\Icon_Flare_blue.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\flare\icons\Icon_Flare_pink.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\flare\icons\Thumbs.db, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\menu\css\menuframe.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\menu\html\menuframe.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\menu\images\right_arrow.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\menu\images\right_arrow_white.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\components\menu\README.txt, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\radio\css\radio-widget.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\radio\radio-widget.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\rss\rssWidget.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\test\invalid.json, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\test\qunit.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\test\resource.json, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\test\resource.xml, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\test\testWidget.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\topapps\css\widget.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\topapps\widget.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\weather\css\weatherButton.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\common\widget-api\widgets\weather\weatherButton.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\api\window\hiddenWidgetWindow.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\api\window\widgetWindow.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\defaultSearch\foreground\07_buttons2.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\defaultSearch\foreground\08_buttons2.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\defaultSearch\foreground\defaultSearchModal.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\defaultSearch\foreground\tvf_btn_ok.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\defaultSearch\foreground\tvf_restart_icon.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\moviereviews\css\movieReviews.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\moviereviews\html\movieReviews.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\radio\css\toolbar-item.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\radio\radioWrapper\radioWrapper.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\search\html\searchSuggestions.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\search\html\searchSuggestions.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\supertab\css\supertab.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\components\supertab\html\supertab.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\icons\arrowSprite.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\icons\icon128.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\icons\icon16.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\icons\icon19disabled.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\icons\icon19on.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\icons\icon48.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\icons\tb_icon_search_disappearing_ask.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\231792684.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\226330088.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\226330124.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\226330125.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\226330126.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\226330127.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\226330128.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\226330129.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\226330135.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\226330172.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\226330189.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\226384108.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\231792586.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\231792691.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\down_arrow.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\IDR_PRODUCT_LOGO_16.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\IDR_WEBSTORE_ICON.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\magnifying_glass.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\RadioPlayerSprite.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\search_button.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\tvf_icon_guide.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\tvf_logo.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\images\wrench.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\shared\MindsparkGlobalNotes.txt, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\_metadata\computed_hashes.json, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\_metadata\verified_contents.json, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\spent.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\bg.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\buildVars, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\contentScript.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\debug.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\debug.jade, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\options.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\spent.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\spent2.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\spent2.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\spentK.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\stub.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\stubby.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\toolbar.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\toolbarUI.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn\12.202.10.30453_0\toolbarUI.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\USERS\VALERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MDIFMMBIBDALCLBBOJMGGOLMKJOLLAHI\12.202.10.29650_0\MANIFEST.JSON, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\embedhtml\html\embedHtmlTemplate.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\embedscript\html\embedScriptTemplate.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\flare\icons\Icon_Flare_blue.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\flare\icons\Icon_Flare_pink.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\flare\icons\Thumbs.db, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\menu\css\menuframe.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\menu\html\menuframe.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\menu\images\right_arrow.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\menu\images\right_arrow_white.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\components\menu\README.txt, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\radio\css\radio-widget.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\radio\radio-widget.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\rss\rssWidget.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\test\invalid.json, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\test\qunit.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\test\resource.json, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\test\resource.xml, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\test\testWidget.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\topapps\css\widget.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\topapps\widget.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\weather\css\weatherButton.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\common\widget-api\widgets\weather\weatherButton.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\api\window\hiddenWidgetWindow.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\api\window\widgetWindow.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\defaultSearch\foreground\07_buttons2.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\defaultSearch\foreground\08_buttons2.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\defaultSearch\foreground\defaultSearchModal.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\defaultSearch\foreground\tvf_btn_ok.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\defaultSearch\foreground\tvf_restart_icon.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\moviereviews\css\movieReviews.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\moviereviews\html\movieReviews.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\radio\css\toolbar-item.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\radio\radioWrapper\radioWrapper.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\search\html\searchSuggestions.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\search\html\searchSuggestions.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\supertab\css\supertab.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\components\supertab\html\supertab.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\icons\arrowSprite.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\icons\icon128.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\icons\icon16.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\icons\icon19disabled.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\icons\icon19on.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\icons\icon48.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\icons\tb_icon_search_disappearing_ask.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\229253715.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\229253718.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\229253727.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\229253733.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\229253739.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\229253751.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\down_arrow.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\IDR_PRODUCT_LOGO_16.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\IDR_WEBSTORE_ICON.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\magnifying_glass.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\RadioPlayerSprite.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\search_button.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\tvf_icon_guide.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\tvf_logo.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\images\wrench.png, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\shared\MindsparkGlobalNotes.txt, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\_metadata\computed_hashes.json, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\_metadata\verified_contents.json, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\spent.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\bg.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\buildVars, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\contentScript.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\debug.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\debug.jade, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\options.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\spent.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\spent2.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\spent2.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\spentK.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\stub.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\stubby.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\toolbar.html, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\toolbarUI.css, Delete-on-Reboot, [343], [301932],1.0.877
PUP.Optional.MindSpark, C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi\12.202.10.29650_0\toolbarUI.html, Delete-on-Reboot, [343], [301932],1.0.877

Physical Sector: 0
(No malicious items detected)


(end)

Juliet
2016-12-28, 20:46
My goodness, Chrome was infested bad!

Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Extract button to extract the program in the EEK folder;
Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;

If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;

Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Charval
2016-12-29, 12:28
Hi Juliet,

I can't run the scanner - it says that it won't work on anything prior to Windows 7. The computer is Vista

Juliet
2016-12-29, 14:37
Hi Juliet,

I can't run the scanner - it says that it won't work on anything prior to Windows 7. The computer is Vista

Oh poo, I don't like that, we'll try a different one


Please download Kaspersky Security Scan (http://special.kaspersky-labs.com/OZXA65G4OJNLDSK7I5CY/kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe) and save the file to your Desktop.
Temporarily disable your Anti-Virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Right-click KSS.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Kaspersky Security Scan Setup will commence.
Click Next, place a checkmark next to I agree to the terms of the licence agreement and click Install.
Click Finish.
Click http://i.imgur.com/XpMd66Z.png Full Scan.
Upon completion, re-enable your Anti-Virus software.
If problems are found, click http://i.imgur.com/XTNdd6U.png. If no problems are found, close the window.
A report will open in your default browser.
In your browser, press the Ctrl key + A key on your keyboard at the same time.
Copy the text and paste in your next reply.
Close the Kaspersky Security Scan window.

Charval
2016-12-29, 21:14
Hi juliet,

The link comes up with 403 page not found error. I dl Kaspersky scan from website - not sure if it's the right one, found 11 threats but i can't retrieve a report.

Juliet
2016-12-29, 21:26
dang....their making it harder for people with older operating systems to use their tools any more, I dislike this.

Can you see where the infections are located?

does it give an option to delete or quarantine?, and without having to pay?

Juliet
2016-12-29, 21:30
https://www.eset.com/us/home/online-scanner/

this one claims to be Vista compatible.

Charval
2016-12-31, 11:58
Hi Juliet,

Not having much luck! Where would the report from the online scan be stored? When I went to bed last night the scan was still running (3hrs at this point), when I looked this morning, the comp had rebooted but I can't find the log. I tried going back online but that just restares the scan...

Juliet
2016-12-31, 13:41
try a search for
ESET
ESETScan.txt
EsetOnlineScanner\log.txt

Charval
2017-01-01, 12:05
Happy New Year!

Hi Juliet,

here's the scan from Eset:

C:\AdwCleaner\quarantine\files\bgukgwojiahklsqqzjxavvmozhdcfkdf\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\bgukgwojiahklsqqzjxavvmozhdcfkdf\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\bgukgwojiahklsqqzjxavvmozhdcfkdf\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\esoexofynmwvfdiwczwotalrusthkjxm\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\esoexofynmwvfdiwczwotalrusthkjxm\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\esoexofynmwvfdiwczwotalrusthkjxm\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\xmtpssrdmpcmsmlhfndniuqvkfbzbuyz\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\xmtpssrdmpcmsmlhfndniuqvkfbzbuyz\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\xmtpssrdmpcmsmlhfndniuqvkfbzbuyz\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\xodblqmblihylsykpxejvdutbomtjukd\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\xodblqmblihylsykpxejvdutbomtjukd\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\xodblqmblihylsykpxejvdutbomtjukd\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\yhbxioprczuceehxwvdyartrsqtzuwjq\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\yhbxioprczuceehxwvdyartrsqtzuwjq\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\quarantine\files\yhbxioprczuceehxwvdyartrsqtzuwjq\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files\CCleaner\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\f54e8.msi a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application


We are still running slow - could that be due to age of computer?

Juliet
2017-01-01, 16:20
We are still running slow - could that be due to age of computer?
It's possible.

Let's remove those 2 files found by Eset, the other files found are already in a quarantine folder.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\CCleaner\ccsetup525.exe
C:\Windows\Installer\f54e8.msi
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~

Let's see if there are any startup items we can disable to improve performance.

Go here to download HJT
http://www.bleepingcomputer.com/download/hijackthis/

Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


~~~~~~~~~~~~~~

please post these 2 logs when finished.

Charval
2017-01-01, 18:23
Hi juliet,

here's the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:20:38, on 01/01/2017
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16811)

FIREFOX: 49.0.1 (x86 en-GB)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\valerie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Users\valerie\AppData\Local\Temp\E_S59C8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'Default user')
O4 - Global Startup: Kaspersky Software Updater Beta.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate1c95fd8b90ceb00) (gupdate1c95fd8b90ceb00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Kaspersky Security Scan Service (kss) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8001 bytes


And JRT Log:

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-12-2016
Ran by valerie (01-01-2017 15:32:09) Run:3
Running from C:\Users\valerie\Desktop
Loaded Profiles: valerie (Available Profiles: valerie)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\CCleaner\ccsetup525.exe
C:\Windows\Installer\f54e8.msi
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\CCleaner\ccsetup525.exe => moved successfully
C:\Windows\Installer\f54e8.msi => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10569121 B
Java, Flash, Steam htmlcache => 991 B
Windows/system/drivers => 597083469 B
Edge => 0 B
Chrome => 105472 B
Firefox => 275536507 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 65960 B
LocalService => 0 B
NetworkService => 27058 B
valerie => 70244064 B

RecycleBin => 1401 B
EmptyTemp: => 917.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:39:22 ====

Juliet
2017-01-02, 01:36
Are you using Microsoft Security Essentials and Kaspersky Internet Security?

Charval
2017-01-02, 12:51
Hi Juliet,

No, just Windows Essentials - the kaspersky is what we downloaded to scan the comp - but wouldn't run.

Also last night Firefox crashed, tried to refresh but wouldn't load up - so I've uninstalled it for now, so using IE.

Juliet
2017-01-02, 16:09
Thats strange about Firefox, I have no idea why it would do that.

I looked back through logs to check on Kaspersky, it doesn't appear to be listed in add/remove programs....odd because it was listed in startup programs.

Typically, these entries are infrequently used tasks that can be started manually, if necessary.
Removing/disabling these items from statup will help with system resources.

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Users\valerie\AppData\Local\Temp\E_S59C8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'Default user')
O4 - Global Startup: Kaspersky Software Updater Beta.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab


Reboot the computer to set the registry.

Juliet
2017-01-07, 14:14
Still need help?

Juliet
2017-01-09, 15:00
it's been several days since your last reply, do you still need help?

Juliet
2017-01-12, 15:42
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.