[ti]SOLVED[/ti]trojan.kotver!gm2 got me - please help

wikisend.com/download/550392/FRST.txt
wikisend.com/download/814500/Addition.txt


Thank you for your help. I really need it!

I have followed all your instructions and Malwarebytes reports no malware found after the second scan!

Here are the contents of the file FIXLOG.TXT:

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
Ran by Linda (28-10-2016 07:30:10) Run:1
Running from C:\Users\Linda\Desktop
Loaded Profiles: Linda (Available Profiles: Linda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3301335783-952878382-938087909-1001\...\Run: [**fojht<*>] => "C:\Users\Linda\AppData\Local\cb6f\1ba0.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c85e.lnk [2016-10-25]
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start-carmel-detector.vbs [2016-08-03] ()
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-06-26] (Coupons, Inc.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-06-26] (Coupons.com Inc.)
CustomCLSID: HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Linda\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Linda\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Linda\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Linda\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Linda\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Linda\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Linda\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {03976B92-ADAC-4690-8696-DC9CD61338A4} - \GoogleUpdateTaskMachineUA1d1eb5539f44c70 -> No File <==== ATTENTION
Task: {0B71F048-F8AF-4D6A-9998-314DB2B6A3D0} - \SettingsEventHandlerMonitor -> No File <==== ATTENTION
Task: {0D21BBCE-5FF6-4613-B62C-48148CA6EAA1} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {0D79ABCE-D22F-4ACC-BF36-A3C81CFC1EB4} - \ShutdownOpt -> No File <==== ATTENTION
Task: {0E6680C4-65BD-4498-86A8-0291850EC248} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {11876664-549E-4225-8E35-C7A2DC4D2A97} - \SAgent -> No File <==== ATTENTION
Task: {129DE354-F6F5-4FA4-A5E1-E87B413FB29E} - \RTKCPL -> No File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender -> No File <==== ATTENTION
Task: {205A3BC8-87A9-428F-8580-4216FBE78213} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {20AE5ACA-F4B4-49F0-BA01-24775477821D} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall -> No File <==== ATTENTION
Task: {21A78A3D-74CD-4710-BBF4-458474161D82} - \Microsoft\Windows\MUI\Lpksetup -> No File <==== ATTENTION
Task: {23412AFF-CA34-451A-A7DA-A8E424BB7876} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {246FC8C3-FE91-4236-92C3-AA87E434D5C6} - \SUPatchForW10Up -> No File <==== ATTENTION
Task: {271757DE-49FA-4A68-B36B-10F9663AC66D} - \G2MUploadTask-S-1-5-21-3301335783-952878382-938087909-1001 -> No File <==== ATTENTION
Task: {3113F839-F1CC-46BB-8723-E2A473787A9F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {348222A2-7E46-46B5-B062-9FC5DBB5D628} - \Microsoft\Windows\MUI\Mcbuilder -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join -> No File <==== ATTENTION
Task: {3D738339-1760-4BBD-81E7-076564EDD8EB} - \{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} -> No File <==== ATTENTION
Task: {3F76D776-8EAF-4C28-965F-6DE399E26B45} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {454DBA59-C12E-4E6F-83A5-82AE731DFC0F} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {4A91E2DA-1860-404D-BDE3-47ED8AEFF453} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon -> No File <==== ATTENTION
Task: {4B119C56-924D-4F83-AE04-47405CC2845F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4DCC31F7-F7A0-4BA6-837D-3680758389BC} - \G2MUpdateTask-S-1-5-21-3301335783-952878382-938087909-1001 -> No File <==== ATTENTION
Task: {58B3B2DC-E831-44B9-B23C-94DC342F57F0} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {5B165AE3-7AB3-47AA-96C5-50F6513D3CB4} - \Microsoft\Windows\RemovalTools\MRT_HB -> No File <==== ATTENTION
Task: {5BC15202-C1FE-45EE-A596-D96D5F69C1BB} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {5D2B6CCD-B184-42C1-B68F-EEF6B0A6303A} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network -> No File <==== ATTENTION
Task: {5DE15E90-0934-4037-A24A-957F512BB1BD} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task -> No File <==== ATTENTION
Task: {72350DA9-AC2C-472E-B109-1F6C61519AF0} - \DropboxUpdateTaskUserS-1-5-21-3301335783-952878382-938087909-1001Core -> No File <==== ATTENTION
Task: {780B1F70-855B-4BAA-AE92-BF706973A594} - \SecTimeSync\TimeSyncInit -> No File <==== ATTENTION
Task: {7AA94521-55D2-4A9F-983F-2B6BBE7CED65} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 -> No File <==== ATTENTION
Task: {7BBB7EF2-197E-4EA3-89C3-82161B1DA900} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7BC05875-B9C9-487D-A6D0-B731390EE95D} - \DropboxUpdateTaskUserS-1-5-21-3301335783-952878382-938087909-1001UA -> No File <==== ATTENTION
Task: {8096AAD0-E7A3-4F4B-8578-96E0C13A707B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {81F13089-967F-4470-9016-FC8B25B5F7E3} - \SamsungHomeSyncPC -> No File <==== ATTENTION
Task: {84D5F4EA-3DC6-444A-97D1-F6EEBA6F6A81} - \HPCustParticipation HP Officejet 6500 E710n-z -> No File <==== ATTENTION
Task: {8621FA74-14AD-4993-9E6B-8C6EAF3DBB8F} - \User_Feed_Synchronization-{B96534D5-AE5C-4C07-AF90-3B1706E88FD1} -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task -> No File <==== ATTENTION
Task: {8864E73B-F8CC-449D-8E4E-FC58E949BC25} - \WPD\SqmUpload_S-1-5-21-3301335783-952878382-938087909-1001 -> No File <==== ATTENTION
Task: {8DA2A36B-D543-420E-B80D-A6AB7F3C64DE} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect -> No File <==== ATTENTION
Task: {95350FC2-7423-4DD6-8E99-F6EE1A11E112} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall -> No File <==== ATTENTION
Task: {9567E270-199F-4972-89A3-D7F6816C5917} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {978C7918-6AFF-4842-8A2F-E5DA433EE86E} - \Optimize Start Menu Cache Files-S-1-5-21-3301335783-952878382-938087909-1001 -> No File <==== ATTENTION
Task: {9A7E213E-1323-493C-A59A-59EFD834AE8A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9A96EABE-77A9-4E25-A679-7FA5FD27851F} - \HPCustParticipation HP Photosmart 6520 series -> No File <==== ATTENTION
Task: {A0C65CCB-0C45-492C-B6B1-D0CC3D414286} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AB838BCC-D4EF-4479-88E4-10139E1C9050} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B1879823-BE35-47EB-9E66-713132998DBB} - \HPCeeScheduleForLinda -> No File <==== ATTENTION
Task: {B73492CF-C773-4DFC-BBAC-81619FDAB0A8} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report -> No File <==== ATTENTION
Task: {B92707FA-77F5-4096-8988-EA9BF86BF6A1} - \LaunchSettings -> No File <==== ATTENTION
Task: {BC17B55C-2AF2-48D4-B3B0-D602EED4FF40} - \GoogleUpdateTaskUserS-1-5-21-3301335783-952878382-938087909-1001UA -> No File <==== ATTENTION
Task: {C110C921-6361-4AED-A851-4135CDB68872} - \Microsoft\Windows\Shell\FamilySafetyUpload -> No File <==== ATTENTION
Task: {C3EC499D-80B2-4E29-A32B-CF6D900A8A47} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C4AE3C3E-C327-4689-B6FD-C11FB31AE88B} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {C53D54BC-1CF1-4819-8276-1694DADC49C1} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {C8D9CDC7-0AD1-4C27-80B8-75941A286B98} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {C8DE05F2-1BD0-4B78-BA23-0B1C14ACF895} - \Optimize Start Menu Cache Files-S-1-5-21-3301335783-952878382-938087909-500 -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {D0728DC4-0BB5-4ACF-9057-132FD24CAFCA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D6138D6B-6191-46D6-B0A4-C4C8A2E6CFA0} - \SettingsHibernateMonitor -> No File <==== ATTENTION
Task: {D6D9DE3A-BBC8-4822-8854-503D93D26051} - \User_Feed_Synchronization-{A721CD42-E922-4E19-B092-A4D98D6125B8} -> No File <==== ATTENTION
Task: {D8649A3F-4AC5-430A-B0A3-78F884A632FD} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {DA8D702E-593F-4689-8FE2-5B73A558EBC9} - \GoogleUpdateTaskMachineCore1d1eb5537c23c82 -> No File <==== ATTENTION
Task: {E100CED5-2464-4397-B626-08D39A38D97A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E1D27ED2-75EA-42BD-B93A-D635C342CC49} - \Remediation\AntimalwareMigrationTask -> No File <==== ATTENTION
Task: {E485FD1D-B2DE-4334-9A8A-4593E991559B} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {E519343F-33E9-4BB0-85C7-D65F34053A4B} - \Microsoft\Windows\Customer Experience Improvement Program\Uploader -> No File <==== ATTENTION
Task: {F2C39A3A-B8B2-49BC-A27A-B88A823CE6A1} - \GoogleUpdateTaskUserS-1-5-21-3301335783-952878382-938087909-1001Core -> No File <==== ATTENTION
Task: {FE9E71F4-D707-41E4-9418-0F285776ACCB} - \advRecovery -> No File <==== ATTENTION
Shortcut: C:\Users\Linda\AppData\Local\cb6f\1ba0.lnk -> C:\Users\Linda\AppData\Local\cb6f\932c.bat ()
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [261]
HKU\S-1-5-21-3301335783-952878382-938087909-1001\Software\Classes\c2c4: "C:\WINDOWS\system32\mshta.exe" "javascript:HdBC13="HTWcJC";D7v=new ActiveXObject("WScript.Shell");k5jBALs="BKKwO67";IN16ek=D7v.RegRead("HKCU\\software\\dincmc\\tirl");MKTBe0="Rd";eval(IN16ek);Q5cMV7="TEs";" <===== ATTENTION
DeleteKey: HKCU\\software\\dincmc
C:\Program Files (x86)\Coupons
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
2016-10-27 16:17 - 2016-10-27 16:17 - 02407936 _____ (Farbar) C:\Users\Linda\Desktop\FRST64.exe.lqljcq2.partial
C:\WINDOWS\SysWOW64\000*.tmp
2016-10-25 10:36 - 2016-10-25 10:36 - 00000000 ____D C:\Users\Linda\AppData\Local\cb6f
2016-10-25 10:36 - 2016-10-25 10:36 - 00000000 ____D C:\Users\Linda\AppData\Roaming\2daa
2016-10-01 01:55 - 2014-06-23 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3301335783-952878382-938087909-1001\Software\Microsoft\Windows\CurrentVersion\Run\\**fojht<*> => value removed successfully
C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c85e.lnk => moved successfully
C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start-carmel-detector.vbs => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll" => not found.
CouponPrinterService => service not found.
"HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-3301335783-952878382-938087909-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03976B92-ADAC-4690-8696-DC9CD61338A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03976B92-ADAC-4690-8696-DC9CD61338A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d1eb5539f44c70" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B71F048-F8AF-4D6A-9998-314DB2B6A3D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B71F048-F8AF-4D6A-9998-314DB2B6A3D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SettingsEventHandlerMonitor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{0D21BBCE-5FF6-4613-B62C-48148CA6EAA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D21BBCE-5FF6-4613-B62C-48148CA6EAA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RacTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0D79ABCE-D22F-4ACC-BF36-A3C81CFC1EB4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D79ABCE-D22F-4ACC-BF36-A3C81CFC1EB4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShutdownOpt" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E6680C4-65BD-4498-86A8-0291850EC248}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E6680C4-65BD-4498-86A8-0291850EC248}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11876664-549E-4225-8E35-C7A2DC4D2A97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11876664-549E-4225-8E35-C7A2DC4D2A97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{129DE354-F6F5-4FA4-A5E1-E87B413FB29E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{129DE354-F6F5-4FA4-A5E1-E87B413FB29E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RTKCPL" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A4230A2-E136-4936-9B22-DDF624BB8332}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A4230A2-E136-4936-9B22-DDF624BB8332}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\IME\SQM data sender" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{205A3BC8-87A9-428F-8580-4216FBE78213}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{205A3BC8-87A9-428F-8580-4216FBE78213}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20AE5ACA-F4B4-49F0-BA01-24775477821D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20AE5ACA-F4B4-49F0-BA01-24775477821D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{21A78A3D-74CD-4710-BBF4-458474161D82}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21A78A3D-74CD-4710-BBF4-458474161D82}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\Lpksetup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23412AFF-CA34-451A-A7DA-A8E424BB7876}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23412AFF-CA34-451A-A7DA-A8E424BB7876}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{246FC8C3-FE91-4236-92C3-AA87E434D5C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{246FC8C3-FE91-4236-92C3-AA87E434D5C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPatchForW10Up" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{271757DE-49FA-4A68-B36B-10F9663AC66D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{271757DE-49FA-4A68-B36B-10F9663AC66D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\G2MUploadTask-S-1-5-21-3301335783-952878382-938087909-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3113F839-F1CC-46BB-8723-E2A473787A9F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3113F839-F1CC-46BB-8723-E2A473787A9F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{348222A2-7E46-46B5-B062-9FC5DBB5D628}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{348222A2-7E46-46B5-B062-9FC5DBB5D628}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\Mcbuilder" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D738339-1760-4BBD-81E7-076564EDD8EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D738339-1760-4BBD-81E7-076564EDD8EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F76D776-8EAF-4C28-965F-6DE399E26B45}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F76D776-8EAF-4C28-965F-6DE399E26B45}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{454DBA59-C12E-4E6F-83A5-82AE731DFC0F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{454DBA59-C12E-4E6F-83A5-82AE731DFC0F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Synaptics TouchPad Enhancements" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4A91E2DA-1860-404D-BDE3-47ED8AEFF453}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A91E2DA-1860-404D-BDE3-47ED8AEFF453}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B119C56-924D-4F83-AE04-47405CC2845F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B119C56-924D-4F83-AE04-47405CC2845F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DCC31F7-F7A0-4BA6-837D-3680758389BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DCC31F7-F7A0-4BA6-837D-3680758389BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\G2MUpdateTask-S-1-5-21-3301335783-952878382-938087909-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58B3B2DC-E831-44B9-B23C-94DC342F57F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58B3B2DC-E831-44B9-B23C-94DC342F57F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A3FB241-0B11-4EA5-BC66-0D9F1B406040}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A3FB241-0B11-4EA5-BC66-0D9F1B406040}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\BthSQM" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B165AE3-7AB3-47AA-96C5-50F6513D3CB4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B165AE3-7AB3-47AA-96C5-50F6513D3CB4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemovalTools\MRT_HB" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BC15202-C1FE-45EE-A596-D96D5F69C1BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BC15202-C1FE-45EE-A596-D96D5F69C1BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D2B6CCD-B184-42C1-B68F-EEF6B0A6303A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D2B6CCD-B184-42C1-B68F-EEF6B0A6303A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5DE15E90-0934-4037-A24A-957F512BB1BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DE15E90-0934-4037-A24A-957F512BB1BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72350DA9-AC2C-472E-B109-1F6C61519AF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72350DA9-AC2C-472E-B109-1F6C61519AF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskUserS-1-5-21-3301335783-952878382-938087909-1001Core" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{780B1F70-855B-4BAA-AE92-BF706973A594}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{780B1F70-855B-4BAA-AE92-BF706973A594}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecTimeSync\TimeSyncInit" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AA94521-55D2-4A9F-983F-2B6BBE7CED65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AA94521-55D2-4A9F-983F-2B6BBE7CED65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BBB7EF2-197E-4EA3-89C3-82161B1DA900}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BBB7EF2-197E-4EA3-89C3-82161B1DA900}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BC05875-B9C9-487D-A6D0-B731390EE95D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BC05875-B9C9-487D-A6D0-B731390EE95D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskUserS-1-5-21-3301335783-952878382-938087909-1001UA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8096AAD0-E7A3-4F4B-8578-96E0C13A707B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8096AAD0-E7A3-4F4B-8578-96E0C13A707B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81F13089-967F-4470-9016-FC8B25B5F7E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81F13089-967F-4470-9016-FC8B25B5F7E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SamsungHomeSyncPC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84D5F4EA-3DC6-444A-97D1-F6EEBA6F6A81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84D5F4EA-3DC6-444A-97D1-F6EEBA6F6A81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP Officejet 6500 E710n-z" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8621FA74-14AD-4993-9E6B-8C6EAF3DBB8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8621FA74-14AD-4993-9E6B-8C6EAF3DBB8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{B96534D5-AE5C-4C07-AF90-3B1706E88FD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Routine Maintenance Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8864E73B-F8CC-449D-8E4E-FC58E949BC25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8864E73B-F8CC-449D-8E4E-FC58E949BC25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3301335783-952878382-938087909-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DA2A36B-D543-420E-B80D-A6AB7F3C64DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DA2A36B-D543-420E-B80D-A6AB7F3C64DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\AUSessionConnect" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95350FC2-7423-4DD6-8E99-F6EE1A11E112}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95350FC2-7423-4DD6-8E99-F6EE1A11E112}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\AUScheduledInstall" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9567E270-199F-4972-89A3-D7F6816C5917}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9567E270-199F-4972-89A3-D7F6816C5917}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Policy Install" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{978C7918-6AFF-4842-8A2F-E5DA433EE86E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{978C7918-6AFF-4842-8A2F-E5DA433EE86E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3301335783-952878382-938087909-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9A7E213E-1323-493C-A59A-59EFD834AE8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A7E213E-1323-493C-A59A-59EFD834AE8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A96EABE-77A9-4E25-A679-7FA5FD27851F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A96EABE-77A9-4E25-A679-7FA5FD27851F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP Photosmart 6520 series" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0C65CCB-0C45-492C-B6B1-D0CC3D414286}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0C65CCB-0C45-492C-B6B1-D0CC3D414286}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB838BCC-D4EF-4479-88E4-10139E1C9050}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB838BCC-D4EF-4479-88E4-10139E1C9050}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1879823-BE35-47EB-9E66-713132998DBB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1879823-BE35-47EB-9E66-713132998DBB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForLinda" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B73492CF-C773-4DFC-BBAC-81619FDAB0A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B73492CF-C773-4DFC-BBAC-81619FDAB0A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B92707FA-77F5-4096-8988-EA9BF86BF6A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B92707FA-77F5-4096-8988-EA9BF86BF6A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSettings" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC17B55C-2AF2-48D4-B3B0-D602EED4FF40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC17B55C-2AF2-48D4-B3B0-D602EED4FF40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3301335783-952878382-938087909-1001UA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C110C921-6361-4AED-A851-4135CDB68872}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C110C921-6361-4AED-A851-4135CDB68872}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\FamilySafetyUpload" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3EC499D-80B2-4E29-A32B-CF6D900A8A47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3EC499D-80B2-4E29-A32B-CF6D900A8A47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C4AE3C3E-C327-4689-B6FD-C11FB31AE88B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4AE3C3E-C327-4689-B6FD-C11FB31AE88B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C53D54BC-1CF1-4819-8276-1694DADC49C1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C53D54BC-1CF1-4819-8276-1694DADC49C1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8D9CDC7-0AD1-4C27-80B8-75941A286B98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8D9CDC7-0AD1-4C27-80B8-75941A286B98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8DE05F2-1BD0-4B78-BA23-0B1C14ACF895}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8DE05F2-1BD0-4B78-BA23-0B1C14ACF895}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3301335783-952878382-938087909-500" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2DE968-E342-40D7-9566-427D45E4A886}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE968-E342-40D7-9566-427D45E4A886}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0728DC4-0BB5-4ACF-9057-132FD24CAFCA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0728DC4-0BB5-4ACF-9057-132FD24CAFCA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6138D6B-6191-46D6-B0A4-C4C8A2E6CFA0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6138D6B-6191-46D6-B0A4-C4C8A2E6CFA0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SettingsHibernateMonitor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6D9DE3A-BBC8-4822-8854-503D93D26051}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6D9DE3A-BBC8-4822-8854-503D93D26051}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{A721CD42-E922-4E19-B092-A4D98D6125B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8649A3F-4AC5-430A-B0A3-78F884A632FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8649A3F-4AC5-430A-B0A3-78F884A632FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DA8D702E-593F-4689-8FE2-5B73A558EBC9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA8D702E-593F-4689-8FE2-5B73A558EBC9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1d1eb5537c23c82" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E100CED5-2464-4397-B626-08D39A38D97A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E100CED5-2464-4397-B626-08D39A38D97A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1D27ED2-75EA-42BD-B93A-D635C342CC49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1D27ED2-75EA-42BD-B93A-D635C342CC49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Remediation\AntimalwareMigrationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E485FD1D-B2DE-4334-9A8A-4593E991559B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E485FD1D-B2DE-4334-9A8A-4593E991559B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E519343F-33E9-4BB0-85C7-D65F34053A4B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E519343F-33E9-4BB0-85C7-D65F34053A4B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Uploader" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2C39A3A-B8B2-49BC-A27A-B88A823CE6A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2C39A3A-B8B2-49BC-A27A-B88A823CE6A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3301335783-952878382-938087909-1001Core" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FE9E71F4-D707-41E4-9418-0F285776ACCB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE9E71F4-D707-41E4-9418-0F285776ACCB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\advRecovery" => key removed successfully
C:\Users\Linda\AppData\Local\cb6f\1ba0.lnk => moved successfully
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
"HKU\S-1-5-21-3301335783-952878382-938087909-1001\Software\Classes\c2c4" => key removed successfully
HKCU\\software\\dincmc => key removed successfully
C:\Program Files (x86)\Coupons => moved successfully
"C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll" => not found.
C:\Users\Linda\Desktop\FRST64.exe.lqljcq2.partial => moved successfully

=========== "C:\WINDOWS\SysWOW64\000*.tmp" ==========

C:\WINDOWS\SysWOW64\00000459.tmp => moved successfully
C:\WINDOWS\SysWOW64\00001450.tmp => moved successfully
C:\WINDOWS\SysWOW64\00001822.tmp => moved successfully
C:\WINDOWS\SysWOW64\00002836.tmp => moved successfully
C:\WINDOWS\SysWOW64\00003435.tmp => moved successfully
C:\WINDOWS\SysWOW64\00003800.tmp => moved successfully
C:\WINDOWS\SysWOW64\00005068.tmp => moved successfully
C:\WINDOWS\SysWOW64\00005159.tmp => moved successfully
C:\WINDOWS\SysWOW64\00006476.tmp => moved successfully
C:\WINDOWS\SysWOW64\00006898.tmp => moved successfully
C:\WINDOWS\SysWOW64\00007324.tmp => moved successfully
C:\WINDOWS\SysWOW64\00007370.tmp => moved successfully
C:\WINDOWS\SysWOW64\00007442.tmp => moved successfully
C:\WINDOWS\SysWOW64\00008048.tmp => moved successfully
C:\WINDOWS\SysWOW64\00008091.tmp => moved successfully
C:\WINDOWS\SysWOW64\00008403.tmp => moved successfully
C:\WINDOWS\SysWOW64\00008468.tmp => moved successfully
C:\WINDOWS\SysWOW64\00008543.tmp => moved successfully
C:\WINDOWS\SysWOW64\00008799.tmp => moved successfully
C:\WINDOWS\SysWOW64\00010449.tmp => moved successfully
C:\WINDOWS\SysWOW64\00010568.tmp => moved successfully
C:\WINDOWS\SysWOW64\00010616.tmp => moved successfully
C:\WINDOWS\SysWOW64\00010711.tmp => moved successfully
C:\WINDOWS\SysWOW64\00011268.tmp => moved successfully
C:\WINDOWS\SysWOW64\00011351.tmp => moved successfully
C:\WINDOWS\SysWOW64\00011590.tmp => moved successfully
C:\WINDOWS\SysWOW64\00011858.tmp => moved successfully
C:\WINDOWS\SysWOW64\00012003.tmp => moved successfully
C:\WINDOWS\SysWOW64\00012429.tmp => moved successfully
C:\WINDOWS\SysWOW64\00012608.tmp => moved successfully
C:\WINDOWS\SysWOW64\00012828.tmp => moved successfully
C:\WINDOWS\SysWOW64\00012986.tmp => moved successfully
C:\WINDOWS\SysWOW64\00013980.tmp => moved successfully
C:\WINDOWS\SysWOW64\00015258.tmp => moved successfully
C:\WINDOWS\SysWOW64\00015699.tmp => moved successfully
C:\WINDOWS\SysWOW64\00015736.tmp => moved successfully
C:\WINDOWS\SysWOW64\00016338.tmp => moved successfully
C:\WINDOWS\SysWOW64\00016391.tmp => moved successfully
C:\WINDOWS\SysWOW64\00017069.tmp => moved successfully
C:\WINDOWS\SysWOW64\00017869.tmp => moved successfully
C:\WINDOWS\SysWOW64\00018213.tmp => moved successfully
C:\WINDOWS\SysWOW64\00018372.tmp => moved successfully
C:\WINDOWS\SysWOW64\00018852.tmp => moved successfully
C:\WINDOWS\SysWOW64\00019197.tmp => moved successfully
C:\WINDOWS\SysWOW64\00019215.tmp => moved successfully
C:\WINDOWS\SysWOW64\00019487.tmp => moved successfully
C:\WINDOWS\SysWOW64\00019842.tmp => moved successfully
C:\WINDOWS\SysWOW64\00019871.tmp => moved successfully
C:\WINDOWS\SysWOW64\00020594.tmp => moved successfully
C:\WINDOWS\SysWOW64\00021032.tmp => moved successfully
C:\WINDOWS\SysWOW64\00021333.tmp => moved successfully
C:\WINDOWS\SysWOW64\00021872.tmp => moved successfully
C:\WINDOWS\SysWOW64\00022036.tmp => moved successfully
C:\WINDOWS\SysWOW64\00022170.tmp => moved successfully
C:\WINDOWS\SysWOW64\00022172.tmp => moved successfully
C:\WINDOWS\SysWOW64\00022293.tmp => moved successfully
C:\WINDOWS\SysWOW64\00022450.tmp => moved successfully
C:\WINDOWS\SysWOW64\00022709.tmp => moved successfully
C:\WINDOWS\SysWOW64\00022843.tmp => moved successfully
C:\WINDOWS\SysWOW64\00023108.tmp => moved successfully
C:\WINDOWS\SysWOW64\00023178.tmp => moved successfully
C:\WINDOWS\SysWOW64\00023420.tmp => moved successfully
C:\WINDOWS\SysWOW64\00023709.tmp => moved successfully
C:\WINDOWS\SysWOW64\00023900.tmp => moved successfully
C:\WINDOWS\SysWOW64\00024562.tmp => moved successfully
C:\WINDOWS\SysWOW64\00024595.tmp => moved successfully
C:\WINDOWS\SysWOW64\00024637.tmp => moved successfully
C:\WINDOWS\SysWOW64\00025670.tmp => moved successfully
C:\WINDOWS\SysWOW64\00026478.tmp => moved successfully
C:\WINDOWS\SysWOW64\00026618.tmp => moved successfully
C:\WINDOWS\SysWOW64\00026650.tmp => moved successfully
C:\WINDOWS\SysWOW64\00027577.tmp => moved successfully
C:\WINDOWS\SysWOW64\00027771.tmp => moved successfully
C:\WINDOWS\SysWOW64\00028156.tmp => moved successfully
C:\WINDOWS\SysWOW64\00028849.tmp => moved successfully
C:\WINDOWS\SysWOW64\00030407.tmp => moved successfully
C:\WINDOWS\SysWOW64\00030835.tmp => moved successfully
C:\WINDOWS\SysWOW64\00032091.tmp => moved successfully

========= End -> "C:\WINDOWS\SysWOW64\000*.tmp" ========

C:\Users\Linda\AppData\Local\cb6f => moved successfully
C:\Users\Linda\AppData\Roaming\2daa => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons" => not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3301335783-952878382-938087909-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3301335783-952878382-938087909-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 1398868 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 94476055 B
Java, Flash, Steam htmlcache => 68638 B
Windows/system/drivers => 1441556 B
Edge => 8820716 B
Chrome => 0 B
Firefox => 377725468 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 44262332 B
NetworkService => 0 B
Linda => 27940829 B

RecycleBin => 1261956538 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:39:38 ====



Here are the results of SYSTEM-LOG in the MBAR directory:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.321.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.295000 GHz
Memory total: 8502034432, free: 5903618048

Downloaded database version: v2016.10.28.07
Downloaded database version: v2016.09.26.02
Downloaded database version: v2016.09.21.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
10/28/2016 07:56:16
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\system32\drivers\NISx64\1608000.032\SYMEFASI64.SYS
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1608000.032\ccSetx64.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\drivers\NISx64\1608000.032\Ironx64.SYS
\??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\System32\Drivers\NISx64\1608000.032\SRTSP64.SYS
\SystemRoot\system32\drivers\NISx64\1608000.032\SRTSPX64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\Drivers\NISx64\1608000.032\SYMNETS.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.0.76\Definitions\IPSDefs\20161027.002\IDSvia64.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\windows\system32\drivers\cbfs3.sys
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.0.76\Definitions\BASHDefs\20161027.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\System32\drivers\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\ETDSMBus.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\RadioHIDMini.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\Dot4Prt.sys
\SystemRoot\System32\drivers\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
main: v2016.10.28.07
rootkit: v2016.09.26.02

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff9d0e35a18060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9d0e349a3ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9d0e35a18060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff9d0e335ffc40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9d0e329d8330, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9d0e329de060, DeviceName: \Device\00000031\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: B31AA872

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 973414617
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 4ed76b23-3c88-4f74-9fb9-a4d67f71cfb2
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 973414617
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 4ed76b23-3c88-4f74-9fb9-a4d67f71cfb2
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID db7ddbf8-4314-4489-9d60-d8eb814e45d
FirstLBA 2048 Last LBA 1023999
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID c4d2e874-42e9-430d-8a5f-3c9c401a89fd
FirstLBA 1024000 Last LBA 1638399
Attributes 0
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 2c791cf0-69c6-4226-828e-4e44ee9c2567
FirstLBA 1638400 Last LBA 1900543
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 68fbc44-cc6c-422e-a88e-78aec76ccdff
FirstLBA 1900544 Last LBA 1918476326
Attributes 0
Partition Name Basic data partition

Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID af12160-3617-4ed3-af6f-e5933a11785e
FirstLBA 1918478336 Last LBA 1920260095
Attributes 1
Partition Name

Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 53938bf8-be12-4d76-b95d-c6250757d35
FirstLBA 1920260097 Last LBA 1951426560
Attributes 1
Partition Name Basic data partition

Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID a53e5f4b-fa8c-4009-4173-636c65706975
FirstLBA 1951426561 Last LBA 1953523712
Attributes 1
Partition Name Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffff9d0e38933610, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9d0e389435c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9d0e38933610, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffff9d0e3892f060, DeviceName: \Device\00000053\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.7.0.76\QBackup\index.qbs" is sparse (flags = 32768)
Infected: C:\Program Files (x86)\Internet Explorer\00000027.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00000095.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00000742.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00000900.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00001061.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00001231.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00002030.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00002500.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00002508.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00003218.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00004648.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00005378.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00005483.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00005655.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00005678.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00006397.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00006490.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00025193.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00025548.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00025647.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00026129.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00026521.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00026809.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00026913.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00026997.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00027043.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00027678.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00028158.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00028907.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00029692.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00031639.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00032046.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00032203.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00032337.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00032497.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00014748.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00015732.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00016455.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00016528.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00016599.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00016645.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00016921.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00017202.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00017279.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00017537.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00017595.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00018170.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00019061.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00019232.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00019784.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00019895.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00019929.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00019948.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00019988.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00020007.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00020102.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00020249.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00020958.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00021824.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00021860.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00023134.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00023618.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00024393.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00024570.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00024876.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00006675.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00006734.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00007052.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00007906.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00007990.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00008483.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00008784.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00008806.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00008835.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00010642.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00011056.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00011893.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00012197.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00013003.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00013478.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00013640.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00006634.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00014742.tmp --> [Trojan.Agent.ENM]
Infected: C:\Program Files (x86)\Internet Explorer\00025108.tmp --> [Trojan.Agent.ENM]
File "C:\Users\Linda\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.321.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.295000 GHz
Memory total: 8502034432, free: 6519070720

Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
10/28/2016 08:41:02
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\system32\drivers\NISx64\1608000.032\SYMEFASI64.SYS
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1608000.032\ccSetx64.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\drivers\NISx64\1608000.032\Ironx64.SYS
\??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\System32\Drivers\NISx64\1608000.032\SRTSP64.SYS
\SystemRoot\system32\drivers\NISx64\1608000.032\SRTSPX64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\Drivers\NISx64\1608000.032\SYMNETS.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.0.76\Definitions\IPSDefs\20161027.002\IDSvia64.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\windows\system32\drivers\cbfs3.sys
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.0.76\Definitions\BASHDefs\20161027.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\System32\drivers\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\ETDSMBus.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\RadioHIDMini.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\Dot4Prt.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
main: v2016.10.28.07
rootkit: v2016.09.26.02

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff8a0533a0c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff8a0533a0cae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff8a0533a0c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff8a05309e1920, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff8a0531446610, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff8a0531448060, DeviceName: \Device\00000031\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: B31AA872

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 973414617
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 4ed76b23-3c88-4f74-9fb9-a4d67f71cfb2
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 973414617
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 4ed76b23-3c88-4f74-9fb9-a4d67f71cfb2
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID db7ddbf8-4314-4489-9d60-d8eb814e45d
FirstLBA 2048 Last LBA 1023999
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID c4d2e874-42e9-430d-8a5f-3c9c401a89fd
FirstLBA 1024000 Last LBA 1638399
Attributes 0
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 2c791cf0-69c6-4226-828e-4e44ee9c2567
FirstLBA 1638400 Last LBA 1900543
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 68fbc44-cc6c-422e-a88e-78aec76ccdff
FirstLBA 1900544 Last LBA 1918476326
Attributes 0
Partition Name Basic data partition

Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID af12160-3617-4ed3-af6f-e5933a11785e
FirstLBA 1918478336 Last LBA 1920260095
Attributes 1
Partition Name

Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 53938bf8-be12-4d76-b95d-c6250757d35
FirstLBA 1920260097 Last LBA 1951426560
Attributes 1
Partition Name Basic data partition

Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID a53e5f4b-fa8c-4009-4173-636c65706975
FirstLBA 1951426561 Last LBA 1953523712
Attributes 1
Partition Name Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffff8a0536901060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff8a0536901ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff8a0536901060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffff8a05368fa060, DeviceName: \Device\00000050\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.7.0.76\QBackup\index.qbs" is sparse (flags = 32768)
File "C:\Users\Linda\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished


Here are the contents of MBAR-LOG.TXT (from the second scan):

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.10.28.07
rootkit: v2016.09.26.02

Windows 10 x64 NTFS
Internet Explorer 11.321.14393.0
Linda :: ZELDA [administrator]

10/28/2016 8:41:16 AM
mbar-log-2016-10-28 (08-41-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 353912
Time elapsed: 34 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Glad your system is better; looks like we got the malware before it had a chance to dig deep into the system.  I will consider your offer and let you know soon.  In the meantime, please run these scans to check the rest of your system ....

FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:


Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot, allow this


On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt

Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


LAST >>>>

Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from Here.

Double Click on the mbam-setup.exe file to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link


Once the program has loaded and updated, select "Scan Now >>" to start the scan.


The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.


If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.
The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK. When the export is complete, select OPEN.
The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.

Your logs look good and you should be fine to get on with your activities ....  I will email you this weekend to find out more about the interview.  Thank you.


We need to remove the tools we've used during the cleaning of your machine.

[/a] or here
Ensure the following is ticked:

• Remove disinfection tools
• Create registry backup
• Purge system restore

[/ul]



Then click Run. The program will run for a few moments and then notepad will open with a log.

Please paste the log in your next reply. Once you have the log file saved, please reboot your system to complete the clean up process.

Your system looks clean and your logs are fine. Unless you want something else done, you are done and free to go.

Final words from me: Surf safely, and watch when installing or letting anything add itself to your system. Remember, the best security is not on your system but in the chair in front of it. Take care and thanks for sticking with us in this rushed time.


=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and uBlock Origin add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online

---

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!