Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Conduit & InternetHelper 3.6 Toolbar


  • This topic is locked This topic is locked
13 replies to this topic

#1 animemonster

animemonster

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:56 PM

Posted 14 November 2013 - 04:07 PM

New Tab window on Chrome stuck with Conduit search instead of Google.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16520
Run by chris at 13:00:28 on 2013-11-14
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4092.1048 [GMT -8:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\SysWOW64\Rundll32.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\chris\AppData\Local\NativeMessaging\CT3315827\1_0_0_4\TBMessagingHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uURLSearchHooks: <No Name>: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - LocalServer32 - <no file>
uURLSearchHooks: InternetHelper3.6 Toolbar: {94625830-343a-4df0-88c1-444d195064d0} - C:\Program Files (x86)\InternetHelper3.6\prxtbInte.dll
mURLSearchHooks: Productivity 1.13 Toolbar: {0f3385fe-265e-4f39-b1fd-e597e64b289e} - C:\Program Files (x86)\Productivity_1.13\prxtbProd.dll
mURLSearchHooks: InternetHelper3.6 Toolbar: {94625830-343a-4df0-88c1-444d195064d0} - C:\Program Files (x86)\InternetHelper3.6\prxtbInte.dll
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Productivity 1.13 Toolbar: {0f3385fe-265e-4f39-b1fd-e597e64b289e} - C:\Program Files (x86)\Productivity_1.13\prxtbProd.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - LocalServer32 - <no file>
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: InternetHelper3.6 Toolbar: {94625830-343a-4df0-88c1-444d195064d0} - C:\Program Files (x86)\InternetHelper3.6\prxtbInte.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - LocalServer32 - <no file>
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Productivity 1.13 Toolbar: {0F3385FE-265E-4F39-B1FD-E597E64B289E} - C:\Program Files (x86)\Productivity_1.13\prxtbProd.dll
TB: InternetHelper3.6 Toolbar: {94625830-343A-4DF0-88C1-444D195064D0} - C:\Program Files (x86)\InternetHelper3.6\prxtbInte.dll
TB: Productivity 1.13 Toolbar: {0f3385fe-265e-4f39-b1fd-e597e64b289e} - C:\Program Files (x86)\Productivity_1.13\prxtbProd.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: InternetHelper3.6 Toolbar: {94625830-343a-4df0-88c1-444d195064d0} - C:\Program Files (x86)\InternetHelper3.6\prxtbInte.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [TBHostSupport] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\chris\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
uRunOnce: [SpybotDeletingB3026] command.com /c del "C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
uRunOnce: [SpybotDeletingD8358] cmd.exe /c del "C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
uRunOnce: [SpybotDeletingB7831] command.com /c del "C:\END"
uRunOnce: [SpybotDeletingD5978] cmd.exe /c del "C:\END"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
mRunOnce: [SpybotDeletingA6074] command.com /c del "C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
mRunOnce: [SpybotDeletingC8306] cmd.exe /c del "C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
mRunOnce: [SpybotDeletingA3173] command.com /c del "C:\END"
mRunOnce: [SpybotDeletingC1514] cmd.exe /c del "C:\END"
dRun: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXTwain61.cab
DPF: {3D03AEAF-38CC-4DB5-9FA1-1C3538B1CA85} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/viewers/crystalreportviewers11/ActiveXControls/PrintControl.cab
DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXDialog61.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} - hxxps://www.member-data.com/rdc/EZTwainX.cab
DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgX61.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {B2D168E0-5597-101D-843A-DA16297B4C87} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/rm2.cab
DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} - hxxps://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP27-10832/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{D48AB512-5EC7-4292-86F5-D5F78E716F0B} : DHCPNameServer = 192.168.1.254
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - LocalServer32 - <no file>
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - LocalServer32 - <no file>
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - LocalServer32 - <no file>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=  
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dstrmsd&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DtBtByEtCyCyE0EtB0AtBtN0D0Tzu0CyCyBzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=1066955091&ir=
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - LocalServer32 - <no file>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - LocalServer32 - <no file>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - LocalServer32 - <no file>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files (x86)\HP\QuickPlay\000.fcl [2008-7-28 27632]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe [2008-10-20 89088]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-7-28 361808]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-3 1153368]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2013-10-30 2099000]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2008-11-11 24652]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-7-8 140888]
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\System32\drivers\NETw5v64.sys [2008-10-20 4730368]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2013-9-18 14112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-7-28 193840]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-8 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 iscFlash;iscFlash;C:\Program Files (x86)\sp43867\iscflashx64.sys [2008-8-5 24568]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-12 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown BackupStack;BackupStack; [x]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-11-13 23:23:54 82896128 ----a-w- C:\Windows\System32\mrt.exe
2013-10-30 10:27:10 40248 ----a-w- C:\Windows\System32\TURegOpt.exe
2013-10-30 10:27:00 42808 ----a-w- C:\Windows\System32\uxtuneup.dll
2013-10-30 10:27:00 35640 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2013-10-30 10:27:00 29496 ----a-w- C:\Windows\System32\authuitu.dll
2013-10-30 10:27:00 25400 ----a-w- C:\Windows\SysWow64\authuitu.dll
2013-10-13 15:58:41 17847296 ----a-w- C:\Windows\System32\mshtml.dll
2013-10-13 15:09:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-10-13 14:55:42 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-13 14:48:43 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-10-13 14:47:43 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-10-13 14:46:53 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-10-13 14:46:27 237056 ----a-w- C:\Windows\System32\url.dll
2013-10-13 14:44:28 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-10-13 14:42:38 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-10-13 14:42:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-10-13 14:42:11 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-10-13 14:39:50 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-10-13 14:38:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-10-13 14:36:11 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-10-13 14:35:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-13 14:29:31 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-10-13 10:42:12 12344832 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-10-13 10:08:04 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-10-13 09:48:06 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-13 09:37:03 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-10-13 09:35:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-13 09:33:57 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-10-13 09:32:00 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-10-13 09:30:20 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-10-13 09:30:14 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-10-13 09:27:43 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-10-13 09:27:40 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-10-13 09:26:08 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-10-13 09:25:39 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-13 09:20:51 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-10-11 04:23:42 462848 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-11 04:23:21 781824 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-11 02:07:57 596480 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 00:03:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 00:03:59 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-03 15:03:41 389632 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 15:02:58 1278976 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-03 12:46:36 304128 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-03 12:45:45 993792 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-09-26 05:07:30 148792 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-09-09 06:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-09-04 02:31:51 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-03 21:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-09-02 18:59:14 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-09-02 18:29:18 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-09-02 18:26:50 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-09-02 18:26:42 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-08-29 07:48:37 2775552 ----a-w- C:\Windows\System32\win32k.sys
2013-08-27 03:39:20 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-08-27 03:39:20 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2013-08-27 03:39:20 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-08-27 03:39:20 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2013-08-27 02:47:50 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-08-27 02:32:30 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-08-27 02:30:51 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-08-27 02:06:03 834048 ----a-w- C:\Windows\System32\d2d1.dll
2013-08-27 02:00:46 1556480 ----a-w- C:\Windows\System32\DWrite.dll
2013-08-27 02:00:46 1149952 ----a-w- C:\Windows\System32\FntCache.dll
2013-08-27 01:52:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-08-27 01:28:36 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-08-21 06:53:58 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 13:01:25.76 ===============
 


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:56 AM

Posted 15 November 2013 - 01:27 AM


Hello animemonster

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 animemonster

animemonster
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:56 PM

Posted 15 November 2013 - 08:07 AM

Thank you, Gringo!
 
# AdwCleaner v3.012 - Report created 15/11/2013 at 03:01:00
# Updated 11/11/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : chris - CHRIS-PC
# Running from : C:\Users\chris\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : BackupStack
Service Deleted : Viewpoint Manager Service
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\ProgramData\Conduit
[!] Folder Deleted : C:\ProgramData\DnsBasic
[!] Folder Deleted : C:\ProgramData\PC Optimizer Pro
[!] Folder Deleted : C:\ProgramData\Viewpoint
[!] Folder Deleted : C:\ProgramData\WeCareReminder
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\DnsBasic
[!] Folder Deleted : C:\Program Files (x86)\NCH Software
[!] Folder Deleted : C:\Program Files (x86)\PC Health Kit
[!] Folder Deleted : C:\Program Files (x86)\Searchprotect
[!] Folder Deleted : C:\Program Files (x86)\Viewpoint
[!] Folder Deleted : C:\Program Files (x86)\Webfetti_52
[!] Folder Deleted : C:\Program Files (x86)\InternetHelper3.6
[!] Folder Deleted : C:\Program Files (x86)\Productivity_1.13
[!] Folder Deleted : C:\Users\chris\AppData\Local\apn
[!] Folder Deleted : C:\Users\chris\AppData\Local\Supreme Savings
[!] Folder Deleted : C:\Users\chris\AppData\Local\Temp\AirInstaller
[!] Folder Deleted : C:\Users\chris\AppData\LocalLow\BabylonToolbar
[!] Folder Deleted : C:\Users\chris\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\chris\AppData\LocalLow\FunWebProducts
[!] Folder Deleted : C:\Users\chris\AppData\LocalLow\Kiwee Toolbar
[!] Folder Deleted : C:\Users\chris\AppData\LocalLow\MyWebSearch
[!] Folder Deleted : C:\Users\chris\AppData\LocalLow\PriceGong
[!] Folder Deleted : C:\Users\chris\AppData\LocalLow\Webfetti_52
[!] Folder Deleted : C:\Users\chris\AppData\LocalLow\InternetHelper3.6
[!] Folder Deleted : C:\Users\chris\AppData\LocalLow\Productivity_1.13
[!] Folder Deleted : C:\Users\chris\AppData\Roaming\AGI
[!] Folder Deleted : C:\Users\chris\AppData\Roaming\DefaultTab
[!] Folder Deleted : C:\Users\chris\AppData\Roaming\NCH Software
[!] Folder Deleted : C:\Users\chris\AppData\Roaming\PC Health Kit
[!] Folder Deleted : C:\Users\chris\AppData\Roaming\UpdaterEX
[!] Folder Deleted : C:\Users\chris\Documents\PC Health Kit
[!] Folder Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
[!] Folder Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
[!] Folder Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp
[!] Folder Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp
[!] Folder Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp
[!] Folder Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp
[!] Folder Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeedhehdfjahfpjhaedmaohbfcdkoolg
[!] Folder Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeedhehdfjahfpjhaedmaohbfcdkoolg
[!] Folder Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki
[!] Folder Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki
File Deleted : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\UnifiedToolbar.cfg
File Deleted : C:\Users\chris\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\UpdaterEX.job
File Deleted : C:\Windows\System32\Tasks\UpdaterEX
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKCU\Software\Google\Chrome\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp
Key Deleted : HKCU\Software\Google\Chrome\Extensions\jeedhehdfjahfpjhaedmaohbfcdkoolg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jeedhehdfjahfpjhaedmaohbfcdkoolg
Key Deleted : HKCU\Software\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\contenthandler.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection
Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection.1
Key Deleted : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject
Key Deleted : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject.1
Key Deleted : HKLM\SOFTWARE\Classes\KiweeIEToolbar.KiweeToolbar
Key Deleted : HKLM\SOFTWARE\Classes\KiweeIEToolbar.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\KiweeIEToolbar.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2905155
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3315827
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A5461FCA-320C-4D6F-A150-A53823CE8142}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94625830-343A-4DF0-88C1-444D195064D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C66B4F5-6D6C-4A1A-9466-EFE6E4077A3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F3385FE-265E-4F39-B1FD-E597E64B289E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D906FD4-7A01-490D-BC63-A187E0521AFB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5663B370-F3C3-40D1-9C46-0E800AA4D0E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94625830-343A-4DF0-88C1-444D195064D0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F3385FE-265E-4F39-B1FD-E597E64B289E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94625830-343A-4DF0-88C1-444D195064D0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3385FE-265E-4F39-B1FD-E597E64B289E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D906FD4-7A01-490D-BC63-A187E0521AFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94625830-343A-4DF0-88C1-444D195064D0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F3385FE-265E-4F39-B1FD-E597E64B289E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4C66B4F5-6D6C-4A1A-9466-EFE6E4077A3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7D906FD4-7A01-490D-BC63-A187E0521AFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6000B4A-C9BB-4287-B920-BA0DEB9AEB57}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{589EB348-446C-441B-B2AD-E5BB18C159D0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A6F9019-8C7F-443E-9A77-45C6720DB19E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E16A3F01-1108-4D5A-9D8C-F634EFBF7089}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D499FF20-FC53-4EF0-A2A8-B30D8276CBCC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{94625830-343A-4DF0-88C1-444D195064D0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0F3385FE-265E-4F39-B1FD-E597E64B289E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D499FF20-FC53-4EF0-A2A8-B30D8276CBCC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{94625830-343A-4DF0-88C1-444D195064D0}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0F3385FE-265E-4F39-B1FD-E597E64B289E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{94625830-343A-4DF0-88C1-444D195064D0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{94625830-343A-4DF0-88C1-444D195064D0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0F3385FE-265E-4F39-B1FD-E597E64B289E}]
Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.6
Key Deleted : HKCU\Software\AppDataLow\Software\Productivity_1.13
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\DnsBasic
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Supreme Savings
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\InternetHelper3.6
Key Deleted : HKLM\Software\Productivity_1.13
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DnsBasic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Productivity_1.13 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DnsBasic
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DomaIQ Uninstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Productivity_1.13 Toolbar
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16520
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [19668 octets] - [15/11/2013 03:00:03]
AdwCleaner[S0].txt - [17573 octets] - [15/11/2013 03:01:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17634 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by chris on Fri 11/15/2013 at  4:56:40.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
 
    Value Name          Type                             Value Data                     
========================================================================================
    TBHostSupport    REG_SZ    "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\chris\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1DD19FB9-B106-4258-A274-59C1C42BE580}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7E655DA2-8ABD-141A-1AC0-68202078D255}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{80F9CE9F-1811-48D0-AB07-45BF1DBB1FF0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8548F34C-3305-470E-A035-6629D40BCD02}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{993f1df9-4ef3-450c-bf9c-f312f7be85d0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C0042B07-DEB7-4DCD-8806-A198F803A6FE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F799C188-332D-4973-B193-8F8197E73F0A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{993f1df9-4ef3-450c-bf9c-f312f7be85d0}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\chris\AppData\Roaming\w3i, llc"
Successfully deleted: [Folder] "C:\Users\chris\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{00170D81-63FD-4B57-B28D-63502C0EE0D7}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{00BE9F37-D848-469E-9B63-2181FE0781A2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{00C1E9DE-BDF9-4DE2-B191-42984D1E2F28}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{017ED10F-ACDF-4230-BD14-DAA1228FDE14}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{02659CBA-AA0B-4EA7-8134-C342C2F3A58E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{03723A5C-4D4B-4B06-892F-098A4C40F786}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{03890BB2-D854-48E0-A440-1F52930DFB5D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{03896465-6B50-48E8-93E1-787DDD72D5B0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{03AB92D5-C306-41AC-AB5F-EADFF27E8C7E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0431C96B-9913-44C5-9236-387D161F56EF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0518857E-6DBE-4D62-B854-590DB54EE543}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{05194A8F-1688-4316-A329-D2794BFFFBC1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{051CC09D-1663-4676-941E-80C201104C12}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{064F2EC3-FC93-44B6-9D0A-608C26206ADF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{068E3E8C-1D74-4DA6-B39E-656576820700}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{069C6C2A-D508-48A0-B21D-07072EAEF908}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0715F1E0-7CE0-48A5-9201-41556D22992A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{07992516-0F3A-4D95-8FE2-8EC83FF45770}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0805FC29-44C4-4BD1-B919-4CA7D415F2A6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{08D7C4E0-E912-46F4-ADBC-6467F08DDA38}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{08E8B889-8C2C-4239-8328-732075D52FC6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{09135F3E-92CB-40C8-8AC8-EA01F870124C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0984F754-1010-41F4-A31C-7C1ACFCD843C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{09A81840-1BB6-4B21-8D97-E5743C4ED35E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{09D48673-B908-46DD-80A2-D3AD0AF0A2E4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0A79CC3B-181D-4DCE-A8FF-F772ABBE9F19}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0A8DCAAD-B406-425A-997E-CD533E9A021B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0B5A7CE1-C17A-4BAD-B038-DC86CE2F0BA5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0B5B50CE-C526-4AC7-AB9B-4C7F756A5036}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0BE85694-8795-4355-ABF7-9A12EF217C06}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0C06B049-0222-466C-A9E6-FC62173C59D4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0C1D6858-FD21-4A08-9E61-FC4CE491600E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0C26A0AE-4B80-462F-9B4C-9276CFDB0252}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0CFFC49A-45F9-4EAA-BE3E-0CA3222A99B4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0D003931-6C36-427F-9A73-08E5CA511673}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0DF1E62D-1C48-4B62-92DC-73C6FD4CB4CA}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0E1BD602-B2C9-435B-9B44-986EC6FB1241}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0E598CB9-8B5C-4115-81FD-AC85360CE333}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0F4559FA-031C-4295-ADBD-2F6948D42541}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{0F8F3B49-B513-4051-B3AE-18F1B79D102F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{103DA30C-EBD7-448D-9314-EC80483C466A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{10FD8452-E8D4-487B-8038-0B92F086CEBB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{110BF462-13EC-4D03-A938-A976BCA37FED}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{119ABF57-4E95-44D1-BED4-14AC07057FDB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{12688DCE-BFDC-4C33-A2A6-16B220A68585}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1333CE13-FE92-4B87-839A-9F7D222B26AF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1360F493-44FF-40A9-8C79-36FBEEAECFB2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{138283D8-D150-4B43-9708-727D3C28D0F3}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{13AE1350-39A4-43A8-A65D-796BFB7EAA31}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{13B1A70B-4789-4C64-B1BE-5FA7BAE33873}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{151E96A3-4A0F-4097-B621-6DAFBABFABA8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{15281E76-472C-402F-A965-782770F035FB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{152AEE84-EC26-4B88-8984-0CCA4E939015}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{15BE6716-B524-421D-A0E5-68FF7E94AA67}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{15F8636B-41D1-4FB7-B68C-2E633D1E84AB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{16061674-E3ED-4605-A1C4-052FF70B7B1C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{161C2F4B-E8DF-47E6-8BC6-C8D7C495F723}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{161F935A-4DC9-450D-9AC6-4F4CEE18A24E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{16479A11-B5C9-4FBD-B8E4-E2994181A305}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{16679373-27BB-4C8C-B245-C3A0BA2B4BF7}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{172388DF-FE61-4D7C-B285-9DA1AC16FE83}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{17935D25-7237-491F-8BAD-B62F3189556B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{17B1960B-99B4-43D4-B4AC-CE3E50178A36}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{17BF10E9-33E5-4183-A81C-942D1435D63C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{17E1966D-FA4D-41CE-90C0-4C9C57B2A6D4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{17E6540B-1BBC-4949-9051-137BD9484729}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{183AC7B2-27D8-4E25-8753-1498CA58B47D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{18ACCAB1-C177-4E57-A8FB-E9334C0F1E18}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1A26F5FE-0DD5-4BA2-8602-EE4C51AC3503}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1AEF984E-D9E3-496B-B55D-884DE70D706A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1B4D1E7A-741E-4EB2-AE36-4B8C57391514}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1B50BAB5-B2FD-46DD-B824-ABC806340295}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1B610519-7F45-45E1-815D-64275ED52DD3}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1B92887C-5781-44FC-8430-E02A3B7AA917}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1CCCEB8D-589B-4AC6-B0BD-3FB6A19BC330}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1D335714-DC35-475D-962E-619226E109D5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1E1EF575-3F6C-4B03-A44F-1AAEC6AD1CE8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1E9FD72F-94A1-454C-A528-3AE6B3C2DBA3}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1EDD7528-CB03-4A64-943D-76FA8A569935}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1F35FCD1-C376-4059-8B5C-236CD90B56B1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1F5B8B24-299D-4A0C-8FF1-0034A336B7EB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1F9B7DA2-E195-40DB-9498-550A3BCBE64E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{1FB7CA09-8ACE-46BA-A9DF-0FB67271A203}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{201FA740-EBD2-440C-9B30-1F09EDA40086}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{20E814E0-17AA-4B2C-A2D5-4BF234D7292B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{217FD40B-F46E-42CC-9085-AFCA031A4D2F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{21AE3CD2-B195-4A7D-8907-A59BBA68107E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{21E0B648-915C-4B86-B410-6B773413F981}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2231ABCF-524E-45DC-AC26-EF947354A72E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{22D583C2-D30E-4208-80D4-73F19C8989C9}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{22F964D8-B910-4BAE-9A31-DDE6D02D9224}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{23595B91-6CFB-490B-A7CC-2D34E86BBD4E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{237067A1-2E49-4FAB-AD66-D5DD3FB0FA15}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{241676AE-E73E-4560-8461-BCA976C0FA12}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{242795FB-2B85-42B8-B6CF-3742E5B1005A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2445EEF2-78BE-411B-9186-6B0018747FE9}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{24F2FA56-A960-43D1-8CBF-19CCDC344EBA}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{25806B02-3D24-4D78-8F75-DB885EBDBDE7}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{26082460-4A3F-4358-B78C-48FC82FD462C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{26816FED-AE93-4ED6-B09A-0CE968A26927}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{269ABB49-4BC3-46A0-B45D-DDC24AEC08B3}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{26F994B1-7716-4645-91D1-3308E866A97A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{27602330-4F3B-45D5-A1EB-33AAEA681AB1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{279B3EB6-1766-4AB5-9E7C-70991D3029EF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{27DF2D0C-8A8E-49EF-9704-6E754C477DD0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{285998C5-BEF0-479E-807B-7A1A0C1151E2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{28876BDF-85AA-440A-9C7F-8D0365EFFD80}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{296B962C-B60C-452E-B36E-94944EC3F791}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{299D9A08-274C-46C7-8F2E-DA32074C4C98}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2A187D22-1E38-411C-ABF7-5477642922A2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2A5BB355-2C4C-46CD-8929-5BF884B5D48C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2A82D587-A99D-4E09-A521-0FA12774F029}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2AC64E98-A5AD-4293-AD69-4AB4AA4CA2CB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2AC809EF-F4BE-4FAB-B284-7D64AEFBD877}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2ACCC0BA-AB04-4C13-B023-535C38F3BB16}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2B3A6431-24DF-4BC2-9A8D-4F817F561E48}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2BBD1CD8-E8EB-4EEC-B9E8-F2B471384B69}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2C33B9F9-E55F-4B10-A8DB-09B0F2227685}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2CADC1BD-A216-40F2-868B-1D500448400E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2DC3EA7A-E143-4B4A-8BE5-A9EC31109B7A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2E11F25A-1660-46BF-BC24-F8167A1227A1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2E6FD722-435D-4541-88E1-75724CBA6D11}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2E94C365-4A8D-4691-811A-0DA6B3BF343A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2EC74543-3EAF-40B6-B2E4-2A7CC329220F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2ED05949-F26C-4FEE-AB35-D7334BDC28D4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2ED84D2E-8089-4951-A9F8-A40F7F6CD6DD}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{2F49F687-7AF6-44BC-9760-6295409D3FE5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{30737061-751C-47DB-90FF-B38DC13004A8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{30A8B78E-3EC7-4655-A700-23444A4922FC}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{318B659C-F55E-4CC7-BA25-62E56175A70C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{31A2D6C1-0DAA-45AD-AA9B-2C6D9823EBBF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{31CBF90B-DB79-4ACA-98C9-97FD6C917443}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{31F694AA-85A1-4EBC-82A1-8F2B2B95D68B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{32783E62-B3BE-4F78-A8DF-E28E8F199B3D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3302A283-C460-48E0-A303-9DF6CB21FAB6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{34ADBCC7-57D4-40A9-99DD-B32E6729CE77}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3711F2F3-6287-430F-94F3-E7FECA78AD3E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3729AA02-0843-4DB3-AFD1-267ECE7591F0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{37E9F120-A049-4688-9930-45E347F6F829}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3800804E-9DAE-4029-B21E-7FF29BF48850}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{38026593-B0B3-4F0D-B4B4-7C6D4FA7FA61}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{39123079-2A81-4168-B952-AAAF2730DC97}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3A21C22D-6524-4D70-A142-91EACA80AB58}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3A498D7C-851A-412A-941C-C132B9CCCDE2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3A5735A5-CDB8-4D28-95D8-DDC8EB204B15}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3AAF84CE-B8E7-4816-A960-F9948A4C8A1F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3B1A75A6-F7B3-4693-8138-840E0BE1F3B2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3B9B8AC9-AE28-40BB-BFC3-5DE89AD6FC40}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3BDA5083-34EC-4000-BEB2-1DF1361A31BE}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3C054A87-92CC-46BE-801C-E36BDAFD9834}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3C0E5AB0-447C-487B-8931-344B9687F590}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3CFA4BB6-4C52-446D-A209-1C49B858DECA}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3E0D0C84-DE21-4042-B007-1C728D62CF10}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3E77D48B-D15C-4DB4-B8CC-882DE3DA1F0F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3E9E7656-9880-418F-B0A5-6D15C49C1C80}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{3EE5812F-83AB-4400-ACF9-1BC56ECF82A8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4010E58E-5245-4B64-9001-1AABCD4F5B6C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{405B5DA7-7FAA-40F2-8685-052DD67373F5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4084065D-C3F3-4BBA-876A-2FF93B3E70A8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{409D4026-7C78-4AA3-931E-365CE41F110D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{40AB85D2-937A-4A5D-A696-E42586EB9DFC}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{40BB9D78-4992-49B1-A1E6-7FB17843E755}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{41A3DB34-740E-4DD3-852F-760D04DF25CA}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{41E99D54-5A56-4105-9EFD-F4611F4CD4E1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{423C0FC3-5573-48B1-9AC0-F6D85F631A70}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{42A37B2D-3A44-4568-9B77-8294DEF1A252}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{42D69865-2FE2-4B6E-AE34-515692790B3A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{433D3CE8-FD4D-4903-82CE-575AF29764BA}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{44AD8D71-263E-4106-BA43-FC47C811BC59}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{44B5286D-7E4F-4243-9E38-4E22D518991E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{44C3A4FA-FF70-4893-83F9-895B87D99657}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{44EB3C14-8716-4076-B5BF-C4F67D5F0F00}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{45D9C808-F189-41BB-A07B-6F674F74955B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{45F2A592-73BD-4922-B5E6-B86DF8C7706B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4626055B-D73D-481B-B6EA-37380AE3E7B7}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{46CAF791-0961-416D-B57D-81B9A4C6ECF5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{46E40AD7-4483-41E6-A3A0-50833E067B24}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{474B8144-1380-4481-A94A-F8F7F2A15B0F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{485D294B-669C-4471-899E-6C4BC1F4B944}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{489B98B9-14FA-4E00-96F7-149EB62D0C19}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{48CFDD6E-F814-4048-8A5F-067B0D458032}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{491601D4-DDDD-435B-BD97-4B2D42F2E5F2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{498DEBF6-8AF5-4AC2-94C6-7164C2366A03}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{49B12EBA-8AE3-4095-8872-7A217A59E190}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4A1F9BAB-AE26-456A-865D-ECB6F6F57A1F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4A8E25E8-7598-4941-95FB-8B6DB17C3CD9}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4B6B6F32-A4FC-4AAF-98CD-15951F718F00}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4B939542-48AE-41D6-AEF2-2BA66CE257D6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4B9DF297-430B-42E2-8FD0-AE064A47C8D0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4BB13328-BDA9-4DD7-BB47-65DDD4A01912}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4BE3D81D-1CD6-4CD5-9203-B1C214EAE0FD}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4C237BAD-D110-4E70-A716-523F71B991B5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4D6900E3-8830-4770-BF08-84E619677113}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4DCABAC8-67A4-4D31-B4A3-F6F3480B0035}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4E211E32-57DC-4A7C-8D02-58D39ABE5E70}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4E43410C-38EF-40B0-A8AA-D17E7FF52FC1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4F7427F2-FD32-4CCB-A50D-3550586BC854}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{4FED13FA-5263-4F08-A9A7-A60B89D79876}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{50215C5E-DB3D-4AB8-8F75-8F0F902E5E6D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{51236E2E-57B7-40C7-B8B8-43C8B781B8AB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5308247C-484E-49DD-B31A-20D61D7483EC}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{533F4396-532B-4A37-8D1B-BCC64869DCD7}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{53677AC4-42CD-4BAC-88EC-13723F4E620F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{53820048-75C1-45AB-8447-AE235AE0AEE3}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{539C7295-751A-40F4-B233-1D6D927FB7E2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{53A2E812-7D33-42AE-8044-B2E86A83D8FF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{550BEF76-05BC-46DE-8A71-93C0FE19AD42}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{552047DE-A523-4DE1-9389-74644CAA7F46}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{564F0426-AC70-4589-B194-0B11818F5FC4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{57821CD5-308E-48EF-9C22-9BADC24518E6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{57EA5FA9-181A-47E8-96AC-1609ECC334BC}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{57F7229D-1C1E-4354-AE59-7FFF647B6CF2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{58A3DF99-E97A-4623-8434-C9207A25A8D4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{58CE1D79-073D-41C4-833F-B4E60B68A57C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{58EB2047-D348-4024-ABD3-9BD13B2CF38A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{58EDD28B-75DC-49BA-85DA-1AA97BD7A3CB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{58F85BA5-B427-4563-9D37-A8487D068CB1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{591CCA8D-47DD-4CB8-AE04-56543363D4F2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{595D06F1-ED0A-4552-8B3D-14FF98B723A3}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{59DA0D80-9BFA-4CF2-A32F-4F53E0AED98A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{59DB102C-4A1C-49BA-8657-AC72B81852FE}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5A42B606-E889-43CB-894E-AA4325882A7C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5A6A2FDF-C524-4321-88AB-047C8D34CE6F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5B15110B-B538-46C7-B521-9BD953851CB5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5B9F54E4-F4C6-45C1-A257-A8A76FF0333D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5C731D64-95E9-49E9-AD7E-B812D24F8861}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5D0BEC88-643D-4CE4-B45B-0F089D094EC0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5E47660B-BF86-48E6-A121-84806BBB140C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5E61BE4C-3671-4BC1-BB5F-24ADC77E30F1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5E956361-6E69-4AD0-B8D7-27F4606BC3BD}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5EABDA2C-B7A8-47CA-AA08-161CEF3623B7}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5EF42BF6-FE40-4DE1-A10F-ACA2FA1CC144}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5F242615-156E-414F-B5AB-2697CDB01DAB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5F49E536-40DC-4FD6-AC27-FB33A52B9BB5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{5FC5710C-B628-45AA-989E-450BD49EDEF8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{601690AD-2D83-41D5-B3A9-284015F451C0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6076E2D4-0858-4788-8D61-30C0A1B57F3B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{60CF38A8-6193-4B49-8C7B-10A818DCDAEF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{611F1D37-58D3-4F28-B02F-7D58D85690A8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{61B879E8-20FA-4F94-B533-207258D79ADE}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{61F0EC58-7801-4B4E-A4DB-6D45DC9EAF65}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{62006D74-A540-49DA-AB51-DADB4E659D16}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{62073068-491E-4EDA-8ABB-5C335832550B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{620C4863-7EE5-4683-AE97-182B95DA0D03}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6279ABCE-5F04-46F2-8B2C-777DE6D073B0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{629A495D-39DF-4E66-A80C-525CEDA4809D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{63C17677-5441-4855-907A-90D9E100B67A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{643EE6A7-2760-4B54-BF1A-21A2B0E0C62B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{646C6D86-B2C2-4F77-A6D3-32CDFBBEBE00}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{64813229-DF03-4D7F-AF36-6B18FB20C7AB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{648260DF-E2A5-4DFA-A15B-D77B138706DA}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{64E3D985-6DD9-4B56-9A58-035A6BC0EC82}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{650E6885-63CC-4556-8F21-33C57E2340DB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6568C967-AEA0-42DA-A12B-79D54494CC67}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{65A6F065-47D3-4C77-91DA-B02CFB3B5155}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{65FD767A-97DA-405E-957E-F046C649B264}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{66154268-F1F6-4099-B101-E7B196B4938E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{66356ABE-398F-48BF-974C-6CC9049317A4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{66FC5331-EEDB-458E-9197-79AFD6B644A6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{67361BBB-AD10-4AF4-8F48-8DB036A2E49E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{67D67ADF-33B6-412A-8D98-4382ADED5F4D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{67F78BAE-57F5-4695-AA19-3693DEA7BC29}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{67FBE6F6-A918-441E-B3C8-8CF91A000D87}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{68A6AC6B-3835-4499-AFCC-1DB5F6052097}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{68B0B48D-154B-407E-BE93-9B675E67A496}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{69DCB675-4360-4486-ABEA-05E2441A12B8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6ABD675E-D4E9-46BC-A957-0632E5F3C14C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6AE6C045-B412-41AD-A829-E6EF7432B574}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6B02B263-3B3B-4C8C-812F-C2CFDB24D171}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6B089A66-E8E6-4738-ADB4-72C646931B96}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6BB5DD17-DE64-49A8-80F9-D308ABB0A472}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6C3714EF-81A7-4A4B-99EE-E67764836575}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6C59D04D-219A-446B-8EED-62EE8B9A1761}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6D1378B2-463C-45A8-84A5-9FAC94ABC150}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6D93B807-42BB-40E3-8291-CB21541927CA}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6DCD1EF4-9331-4176-B35D-E8FCBC7712F0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6DEBA9D9-7C55-43D8-BDFA-93B136F1CDB9}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6E1FE342-934E-45DB-A066-A2161ED78089}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6E37A782-06A3-4E14-82C5-D89384B749EF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6EB721E3-150C-4E4D-ADAC-5092CC651EDC}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6ECE76F3-2515-4DB4-8275-D0C36D4341FA}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6EF0E5A6-7251-4F90-9601-4A8544091C01}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6F66D1BA-ED5A-4F01-BA7F-159024B74DCC}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{6F835C70-61F7-4781-9D3A-FB2C5C8259BD}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7075C18D-85C5-45A4-8FB6-D4DCCCF69D2D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{718FF2BD-238B-43BD-8976-09A27FF6D6C1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{71B7CFE5-AFDB-4DB1-AB3F-9532D97DAF0D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{720B8467-DAC2-4C57-9CF1-4818B24F66F7}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{720D8F05-E51E-4AF6-B7F7-58650670E32C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{73487C23-D0F4-4BA4-96CA-4DC1124A5B2B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{749631CB-D564-41E1-B7BA-708064D5F58B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{74E3C6C1-AF3A-47BB-A290-098EEEF9FB42}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{74EB4366-0188-4245-AC72-7555E1D111C6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{75058B89-1DA6-4B9F-9E7C-5CD09FAEF090}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{761B5C4C-1A2F-4841-81C8-5DEAC134C413}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{764DFB65-E2A7-4D76-A2A6-BC066EAEEE02}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{768AF1B4-6A40-46FA-8279-882CFB70626E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{77606C78-9B69-46E5-8B16-B2A6D6B956BD}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{779B3955-1AD2-4E55-B903-BC6A8BF91A8D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{77BD6AA2-1F58-4A75-A3D2-246DEC62953A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7897198F-2E92-4AE6-AAD2-7D0A583251C1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{78E76C56-5CFC-49FB-90D9-24E672F2F7BD}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{792A05F0-D56B-404B-B57B-949173C61D3F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{79EF5D8D-79BB-49B0-BB73-EBF7A092588C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7A58DF21-A295-4591-86CC-9E53DAD3116C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7B554F3D-7D47-44BA-8E96-77EADEC26969}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7B784192-32D6-4F1A-9F2B-74438A1D8DA5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7C86FDF6-5DC5-43E5-A8DE-C25B333CC1C5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7D977761-F203-4C10-B0A7-3BA0A9359B58}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7DB16D89-3C82-4E39-A791-4ABE0BF882FE}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7E36F44B-F6CA-4F89-8B90-25621DFCF976}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7E4108C4-8B64-440B-B8D8-A808EBF37A33}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7E6DEBD1-4649-4762-A667-DA9937630378}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7E7E3261-E274-4E0C-B50B-289289C927AC}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7F7626F2-D6C0-4181-94EF-9C8BADA1DD2C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{7F9DAC75-4E3F-43DF-8BB8-7C23CD815C04}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{807DEECA-06B9-49E4-BC8E-FB9894E3A287}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{80AAD2AF-9A14-4DD8-B7C2-9D44D8A97526}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{80BE6D2A-9FE8-4798-B59E-951874F2FF0B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{816B5805-8D5D-44E6-97DE-2D3FB2BEFE18}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{823FF218-7B21-4EE2-B5C1-30C7ACCF85BA}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{82B8FF8B-7A28-4C84-9FFD-5B7E7FAF1C5D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{83695019-4C7D-4DB8-8523-FA54A81F7340}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{84204D5A-B5AE-4E6D-8842-706C4B1A244D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{84B565F2-3F2D-46B3-A19B-2B3FBF2DCD4A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{85E1E48B-6D2C-4870-9F27-1BBC9E8175F1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{86D1FA74-526D-4969-9AC0-A8E44F88B906}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{87858AE2-63C6-43CF-B468-A9EAB7D60ED9}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{878EBEE3-875F-4C61-9B25-931FB6B439BB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{87D8FEA7-E5C2-43AC-A1A8-B67FBB211535}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{889B5076-2226-4C1B-9AD9-6E593D941DFD}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{8A1AC35E-C0D5-44B7-B467-FBEBE6814E9D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{8A297F09-AB2E-4CA0-AB7A-A336D5E3BBBB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{8BE672AC-EEEA-477F-A61C-9CE65F5CA275}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{8CA965F6-A685-4F0B-9A9B-4CBE67690360}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{8D9B455A-474C-418B-BB62-8630C1F3A6D8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{8DF235B1-50B1-4CC9-AB62-CE2C4C61D84D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{8E666966-1357-4534-8E02-536EB8BCFD6D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{8F390745-9583-49B7-BD06-00AE1AD19B8E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{8FA182FE-FE67-4FC8-95B3-37AA960599CD}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{909CAE9A-0FE2-4F53-BA89-4AC64D297DD3}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{90EC14C4-1E9C-45CD-A466-60E0A97C4B21}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{916C99E1-A2AA-44D5-8DD7-96BDF14FB4A4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{91D8E1F3-A0F7-4C15-BA64-722DD201B864}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{92C95970-8661-4240-8D13-B101D30F9D08}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{931BBF96-6663-4A01-98B6-87BE1AF605E3}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{93F65FE8-AD8F-4122-973E-D242CEBFB616}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{93F9C286-D84C-4434-9D8A-92E6F5F43CD9}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{93FCF2D4-728F-411C-849F-49CA8EE7ED7A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9450D907-6FBD-46DE-8BAF-1AF589403A72}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{945263C0-4D8B-4210-A2FE-8A41FA0C0B3A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9522FA4B-9074-4A80-A089-81B9EFFF9CDB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{954EA010-D23B-4878-9872-CB885697B307}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{957878A8-6991-465E-961C-AFE11BE46D6A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9635D303-A81E-4B2A-89CA-BA9617677F06}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{965648F6-D206-4923-9BB2-3FF60DE29162}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{966FEACD-0DE1-4D2D-8EAB-A1619A671418}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{96FF0ECB-0120-4568-92D2-72E05B6B9F16}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{971C0589-4EF2-48FA-885C-D6912397A63E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{97435549-075E-4E84-A87E-53157E5B3B7C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{97B9A9BA-2E89-4D21-A87D-B2453C30D961}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{97E311A4-D584-4BD0-B7CB-9665A41A6D79}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{984B4288-B818-473A-B5B4-2F0168074C2D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{99962E1A-0769-497F-BF1D-D57454BB198D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{99B7440E-2848-417A-AD91-886C9AD5BF78}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9A638083-38CD-4913-B606-9440C3B4466A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9A661080-6FD3-4CA0-AD31-D5697D17D80E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9BAB308B-32D2-40D3-B5F3-1EAB774A76FB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9BB2CEB7-EF96-4E55-A83C-0DE98DBDA39F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9BE31C61-A492-4892-8909-273AE0C8E5A6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9BECBBA0-3A3A-4E0D-BD29-56A833CBD30C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9BF5DF5A-E1BE-4F96-8EF4-66488767525D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9C65135D-E769-495C-9101-9F2B2ACE8569}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9C9CB6EA-ED58-4778-9D33-81F9FD6F8122}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9CAA440D-2458-484F-AAEF-AA1A231730F0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9CAFB8DA-8696-4A27-A818-5F2A15107E27}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9CEB93E2-EE22-4B4D-AC1E-E19BEDC85EEE}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9CF0EDFA-088E-46D6-9A3F-28470DAF2EA7}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9D871E79-E44E-4588-9522-EC877888C42A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9DD2242E-4734-4626-94C6-C866400F0C36}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9DDEC889-AAF7-47DE-B558-B8726E6DF5A5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9DFB5AF4-7D7C-4068-AFB0-F494B85DC4DA}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9EF1EE7D-B701-47F2-8278-678F656F3106}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9EF6B00B-8421-4B63-BB4F-E53DFC3608A9}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9F98E617-F1A6-40A9-8AF1-98779A414CF1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{9F9A2D39-C755-4683-A228-1742511F13D9}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A096D45B-0A6D-4DC3-818C-346A5FFB2DDD}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A112098C-92C9-46B3-AAD1-4A4053BAAEBD}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A13035B5-25FA-47F8-8701-1983D7171B4B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A1B7F7B4-1A6F-448F-8C50-A237395BBCC6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A1DB629E-D579-410B-A8E4-FF9E1D4D527E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A2C06012-56B3-461F-A069-4776CAFF77C1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A318854A-DC45-4FBB-A57F-44F3D29B29A8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A36AD332-88CE-4536-ADC9-BD0A8775A0B6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A384C482-0331-4270-8156-449F4CF14091}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A4338867-BAC8-45B2-91A9-B8EBB79DF118}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A473699C-B61B-41CA-866F-926334D55D63}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A48414FF-5299-4DFF-9637-6FD07100D78A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A4EA221D-81E1-4ADC-BB36-7E9E27DDBE44}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A4F0B67F-F1D6-414C-9E38-7EA93218778C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A56FEC58-83CD-4690-BC2D-25B8880B45A0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A59EBB4D-115B-4947-AC44-3ED3387A7911}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A5E9F9B1-212B-4F49-AD88-7C6BD2C9F674}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A68E18EF-A889-40A2-9B65-A9AF67E89F5F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A70DA809-35DC-4E82-A638-8D6C0DF0A204}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A787B057-609A-41DE-823C-25C204D09148}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A7DCAA52-203A-47C3-AC25-45743B1FF26C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A8014412-0DA5-4D2D-A140-866DF1FBB11F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A820A049-759A-45BF-9880-CAD9360BFD52}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A82255BE-12A0-4950-A372-ED74E2914C26}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A8234BCB-2A8B-4795-BB90-4D01DECF876D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A8295D35-DBBE-4B38-A601-5E960CACF58A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A865C344-7A27-490A-8955-C4D322209249}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A86C9393-2E41-4E5D-92DE-200C4CAE2082}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A873E674-48EA-486F-B1FA-8C51FE4D25B4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A87A1A25-ECEF-40BD-AC2B-9693A88B6500}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A8E0B4C6-9C37-4B70-BE74-00593FEBA280}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A91D597F-2E9E-4968-BD08-D1C814718D94}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A9863F70-E748-4399-892B-92E594B9B7BB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{A9C23C1E-DC1D-45A4-8FA9-D90C60E31523}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{AAE0D46B-C617-4ECE-972A-C6A1354823C1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{ABFB80BB-A831-41DB-BB7A-9670BBFB8F18}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{ACD8E157-28AC-44B6-A832-1CE8E9414D5C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{ACE697AE-7156-4F90-B7BD-19578CCAEE30}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{AD98DE74-6575-4C8E-B72A-2D19F43429A9}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{AE1EB6B2-1D70-4CF1-AEA4-E5446739329B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{AE459DB8-DC35-4E3A-8784-A25BC1ECB52B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{AE8B4D36-4D3E-46A6-B414-9BBE729FA107}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{AEE99A77-DFC1-45E3-8ADA-D6237490008F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{AEF5D36E-0027-49A1-98BB-98B39C593B7B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{AEF819C7-FBD5-4A43-AE91-B308E5EABB7B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{AF150C7E-B3A2-47E1-A10B-6E0F84BE9587}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{AF534C06-1F98-494A-AC2D-A040C71029BC}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{AF70AB71-A4A6-4F8E-9D8E-097C4B23C100}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B04F8131-A211-400E-A7C8-9ED0133FA5B7}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B084F79E-8A8E-4724-A063-C4C37E5BB700}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B11A624D-5F54-412E-BEA8-A7DD74C837DF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B12A5690-2B13-4806-8205-1102270C5A01}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B178494D-119D-4303-885A-66C26AEE6828}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B1F96C3F-701D-457C-8A8A-2A97FDCB8969}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B26710B2-C35E-40C5-AE51-B775D92307A0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B2A9D03D-F8D5-43E0-804F-48CFF5441134}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B348F175-2948-48C0-81E5-639ABE872395}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B4172AE0-269E-41E4-B2E6-A73D4A0D4A14}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B49C62DB-A4A9-40E8-B921-0B4BE583EFCF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B4ADDA8F-B3CF-4932-943B-99C4556ECA95}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B55919B0-42F3-4F5B-8CCC-E26F0F7B03E0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B56823C7-0D94-4BA2-BFFF-FA6692F16961}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B6D80D28-E250-4BBC-AE6D-8B9499F26261}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B7488055-DD7C-476E-91A0-4EC12D8E70AE}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B7D2C38D-C049-408C-BBD5-1CAFCC6FB988}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B805EE9B-AE41-43E1-BF2B-8B3698ABA3B7}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{B93DBD56-5D8E-4C1A-8803-AE11646A4057}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BA0FE8D5-34F3-420C-8317-92E911710F34}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BA725261-316B-4022-856F-AFA81F5E950C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BA7AAD2D-E3F5-45F5-AF95-706E144D2BA9}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BA8EBBD6-54FD-4826-8528-45BA8DC56123}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BB3DC36D-F29B-4C05-A70A-0057897C9B86}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BB7C848C-3EEC-4DC8-932A-89EB223DB5D4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BC0E1BC1-A606-4B88-B931-26BBC30C1316}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BC50207D-C3F9-49FB-BCB4-7E1B30586C3E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BC6996A6-E853-42DA-8306-514812F53DF5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BC6D3A09-5395-47FE-8D9C-28BF3962F11C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BCAD226D-C1E0-402A-AAB9-81FFC56BED9B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BCBE76FB-7B47-4755-B4BA-DE52F4BEED5E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BDBA4441-9C8D-41F5-8335-CA49D78DE6D3}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BDE3DE6A-2AD4-44EC-B4E6-9F1BBB416685}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BE2D5A9C-E092-4552-A5F4-376B2F763FA0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BE77C5D1-F06F-436D-B767-BF916EA6F0A0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BECAFE48-BD88-4570-B04F-B3889CC2907D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{BF39CFF9-3011-44F0-BA58-69EF711839F6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C03F4F21-97B5-4E63-B118-52534DA8115B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C08ADA62-6D46-4BAC-9265-B48E0C0EB23D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C09F4A16-DE91-4EEA-8A64-917606C81059}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C0BE84C3-88AA-404B-9887-97695D4CC797}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C0EF5A62-5765-4E29-92F1-95038A1D1314}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C13D1A08-D1E2-46D2-8D11-B9B9CB5F9115}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C16D4EEC-815D-47E6-A368-796FC7AB45C2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C19B3402-E258-49E5-82B7-544EC0DB28FF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C1BC81A2-2F71-495B-BDD7-D834BAD23FB8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C1D069EF-ED52-495E-A951-496E86BE3DB5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C2224886-58FA-4612-9B9D-F2BAB4D76020}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C223A0DF-19B4-40BA-8CD0-D6EF71DD67D7}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C334D2DF-0E28-4485-9B8C-2E6E5ED0DF7E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C3636D13-DCE8-4836-A6E7-73345F568828}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C3662CE0-7315-4779-AAF0-8F67049FC6EC}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C3F9B1C3-DCDD-4984-A2BC-17BB3C4570D0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C3FAD8D1-4FB8-48CE-A7F5-92CC02CC72D0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C40944FA-7745-4D77-A53D-C1CB124C811C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C42A3896-F131-4880-B365-8A077C24A3BF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C48EF86E-C626-44AA-8461-FD93CFDE4576}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C50B9A74-3CC3-4F6A-962C-EF4268CF2E1E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C5360FD8-7422-4925-8063-45A5DDFDC5D6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C56CDD21-A239-4B57-979E-CAA8983CADF9}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C60BE017-AB0A-46B1-9548-3CAD79D4A4E3}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C6313498-5802-45D0-9267-617127214317}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C70EA828-F156-46FD-8CF1-EA849B0BE57C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C751E1E0-0D15-4BE0-8796-0AB37FF4BA70}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C77F2FEE-26D1-4537-96F2-3D4057F63777}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C7E8D858-DA85-4236-9E59-8A4AAE0D5516}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C7F464C1-80C3-4F06-B0EB-766014B6538B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C7F5C36F-C5F7-4B0B-A68A-BC04F30B4438}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C852540E-0508-41B9-B2B4-F335D2000F2B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C8A85C3E-F991-4C35-9F3B-908BACE9A6E0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C8AFC2CC-049E-4455-9059-539EB86125FB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C8C083FE-497A-4610-B958-B47441C00D00}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C8DCB668-D134-44F0-BD54-E8539D2D452C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C9256489-9FF6-46A2-88BE-F9AE5265C691}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C98247F9-7D78-4086-887D-8156F28DA10D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{C9E4C862-29DA-445E-B363-F0E0FC2320C3}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CA33514F-6EE6-456F-8CA9-C19BEB5EB5AD}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CA7021AD-C9F0-42D9-BA7B-070481F0B1A5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CA84C502-A881-40D2-9A0A-0BC35727C22F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CAACF67A-2CD9-45CE-B12C-B7857EF96E6B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CB0F95B8-0701-464A-A75E-4FE8AFAF1F47}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CB179D1C-6748-4C2C-B712-9673CBE4D160}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CB555702-390C-43BA-85CB-5752BAAB0562}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CB652430-1C72-46B8-864C-FDDD4F15FA05}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CB76FC31-5046-4FA5-8F83-0AF33AB2943B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CBFD85A6-23D8-4C67-90E5-C842DC594760}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CC307FAA-69F3-423D-852B-2FEF0707E391}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CC8D3501-DEA4-4C66-8552-3E38229F969C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CCE61486-B21E-4FF8-91B8-DCFF44FF3F4E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CD8A693C-9C48-4721-B80A-9FFFEA4091FD}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CDC6D246-AD5B-49F9-B1FA-6017ADB03B06}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CDD36A9C-2290-4A42-B8A5-DD2672F845BB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CDFD0C5D-AC0F-495B-88B4-70F55C01F8EF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CE29ABC9-AA3B-4F6B-9299-7648E4F36682}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CF00A1B5-CA9C-4C73-B36E-1391A3C520B1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CF27352E-F18F-4AB6-B66F-F3F77510C23A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{CF36488C-0E63-4BA4-8DFD-16A7A9FBC588}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D0504D01-D3FD-42CE-AC2D-36932C3999EA}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D0BC39E5-6D82-4C89-9A93-899CCAA9E219}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D0BF101D-FFF3-474B-BB71-6303E199EC8E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D1009554-87D6-4E27-9C43-ABFC069B2CD1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D13EC22F-1F60-4F5B-8DB8-E12B4BE015BF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D2294E59-05C6-4D20-9F2D-0CEFAF820F39}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D2CA1BB6-FB66-4A00-8B55-ED4BF070124E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D39F264F-0D07-4F42-BF33-2BB6C0E668A2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D4DE6C77-A37F-4D37-9653-D2CEF884CC18}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D522C8D2-F4D5-42B3-8D96-0E4DAA5A28F3}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D62C84EE-0F9B-440A-A5BF-9AD1A52E0CC4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D638BEF8-9235-4440-96E6-40281E66EB7C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D68B09CA-82AB-40A0-81AB-D9C36CBE9E1B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D698549D-BC68-4E6D-8339-ED06EBE5C27D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D6FFE0EC-F62A-49EA-84D9-178E8B17F13F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D701DDE8-6F2A-4841-901B-5CAF05CC8CF5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D7029711-3A72-4CC3-B71C-0906729A4FC6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D7126CC6-9B42-4789-B464-93705F53389D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D756849D-DD28-4789-A584-343E889EBA6F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D7B238F6-6251-4B82-A01B-B3DD0B120512}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D7DD69C5-AB8C-4D0A-8CCD-0D241F1BAB3D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D7F338FC-A996-47C5-A404-A8D1A168ED16}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D800540B-AF05-4112-B424-E04A86207544}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D807E10E-FBE1-4A29-B1F7-8CDCAF035A29}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D9142D1B-D4AC-4C71-AB31-A385391A6FF6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D945527B-49A2-4127-A334-7E04E248DE04}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D9879142-C86F-4763-BBCD-C95E777FB35A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D9BED15C-F3A0-4CF0-8037-FEE5CA002939}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{D9EC771A-4D86-4D17-BE96-63D1ECAB50F2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DA5C6987-1CAF-47FF-8D6E-8D90BF66DF3E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DAD8CECD-C961-4A44-A6B5-5318891878E1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DB213C10-71BA-4E26-A4C1-8CFA5968B8BE}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DB3FF9FC-817E-4D3B-95FB-EB48E57B8252}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DBAFDD83-2B00-4DA5-947E-DE89BAF6AA3D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DBD7E1E8-67E3-4F94-98B5-6DD98323C70C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DCE3AFF3-9F70-41C8-94EC-49765E3E1B36}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DDD39A0E-EB92-47E4-A0D7-B86E05724161}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DDF04EC5-7B90-43E1-9B2A-C73E90D6F3B5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DDF92526-DCC7-492C-89E6-8265D260B44C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DE766D44-FA8A-4A6F-A60E-8E6E6D136125}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DE87E99D-FB6F-473E-99DE-CEB8B78D7F6A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DE89E5A8-4CFE-48E1-9B81-345EE1BE7B54}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DEB82E8E-8A26-4D0D-8396-8C2CD35ED1FE}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{DFB8E668-3E92-414C-907C-18FEFC6F268C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E011EBA2-A800-49CD-86A7-21FD80DBB91F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E0252D74-149D-4B7D-9177-29638A94C9B8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E0DD2D42-DC9A-46D3-87DA-8389EA66A9B1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E0DE4F01-5165-4F9C-9172-86BD9C3349CB}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E13FADBC-2B16-4519-B89B-A5E5234364AD}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E25D9BCA-4DF9-4932-8497-256B58E01B43}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E295E21D-5230-4C52-91BD-5EEDDF9FA485}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E2D039E0-C856-4A16-87B5-451A488626E1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E300711C-593A-490E-81C8-1A09A0117B5C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E36FCE7B-267D-4976-9722-AD53ADBF12BA}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E3E88100-FD70-4AD5-AA4C-30D7EA998DF0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E4166D21-7BBD-4D95-9D71-AB76837BC772}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E46DF41F-40AD-4399-A21D-6F9A77341E47}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E55DAFA3-2B95-4CD8-A6DC-F52F623C867F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E5CE85D6-E1FA-4B5D-96B4-A9167251BFC3}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E63D66A2-DFD2-4DB3-A03A-D2732154741A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E657E507-0BFB-436C-9484-7673955FFE34}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E67DE593-A5D3-45CA-A85D-C61EDC514C0C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E688B5A5-0EEE-40E3-AD38-487467F96CB6}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E6DB3268-0BED-4E1D-BA00-AFCD24AF86A8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E7B02757-F644-4E11-918A-959FF7865C5B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E7FB1180-8C78-4A8D-9DB3-DCCDF74DAA83}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E8040F8C-6C0A-457B-9FE4-104F23AA6F22}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E915D9F0-D999-44FF-A7A4-E76368814820}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E970F2B6-2A57-42DB-B448-EB0BEBCE3AAF}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{E98E7FA3-19B4-4CDF-80E0-78E0B2F39683}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{EA7A72D9-367E-403C-82A6-6D933DEC1C37}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{EA9A6959-254E-4F3C-911D-0E8ABAC6B426}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{EB431D39-1D8C-42F3-92BA-8873126C5AB5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{EBCBB6DA-9702-4351-8C77-ACC5DA2BA623}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{EC17E6DA-58C9-4576-B9A1-4086BCA1151B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{EC204512-91D2-41BD-AFB1-5042C7E54BD4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{EC49F21F-DF65-4A64-9E18-566190A4EC26}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{ED4B1C4B-30C0-4143-A7C0-DD98E11CA2A5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{ED517578-6800-47F6-A5C2-C40F9D84E690}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{EDFF8DEE-8A64-495E-A661-F1F0127FEE2A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{EE61180A-E4A2-451A-AEC9-F484AF96F31C}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{EEF53C58-09CA-4087-A267-FADF39FF6530}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{EF12B833-2DF9-4AE1-8E68-3D40F8DFF8E0}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{EFA6FD80-A6E1-4195-AD2C-25D6B49C3C71}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F119A68D-4754-4D1E-BB8B-262DAA1EA036}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F14B786D-E144-46C4-807E-3B1DFE1481A8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F1655A47-DB74-456D-A9A5-D3D62D93EAD5}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F1F03DD7-7A34-4FED-AAAE-62A77BBEA177}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F1F2C013-AAE7-4718-9686-FE072C138AE2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F2B0F447-AC68-42C5-92A1-8FDCC9B49C69}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F2F82A3B-144D-4E3E-8930-1A99E33E0942}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F3293A91-6B5F-4624-9818-C071358F42D9}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F32D62AA-0130-4FD0-9C00-04A128CE9F93}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F3BEB906-260F-4D74-8AB8-6925FFBFBE63}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F40FA7DE-FADB-4369-ACA1-2CF97962AA02}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F4453A28-7EE7-4864-A1D6-0099728231B2}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F483533E-FBD0-4DED-BB44-9764DE6805A8}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F5C0E118-54F7-4C75-BF37-11A8383BF254}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F6037556-BE1A-4A53-B8A4-82CB68399974}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F629D796-32FB-4C63-81EF-96E389F482E1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F69D6F9E-810C-4EF4-9E3A-5421A856E2B7}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F6A72D16-ED0B-46EC-A010-66C809912C5F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F6C35B37-207E-42BE-AB35-5BB806CF5E28}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F7AD1B09-6661-43FA-988B-8F531BE70312}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F888C015-1C3E-4E03-97C5-B0D700B6AE24}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F8F65B27-7E01-4CD4-96FD-3FC9F0533A7B}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F916B906-D8BA-4A3C-B65A-93A01484E3B4}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F9941F28-E39E-4DA1-837B-D16DD09E41FE}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{F9A5206A-245C-4CDB-B5CE-4D302B264959}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{FAC265DD-95AA-42E3-BC4C-D746A0A0690F}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{FB1BEC38-9283-47A4-9173-C9A68B72C985}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{FB3426E0-EABD-4AF3-AE64-95444109F7D1}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{FB852CF5-9F63-458D-94AA-E5EA2E9F1D70}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{FBFBECEE-BBD5-42A5-A94D-FA62AA0F8C6D}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{FC29655D-84CA-422E-8857-278CB90C12BE}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{FE000592-7910-49A9-9460-207DC42FBB99}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{FE70373F-5899-45A8-88CF-7CA1D43BB51E}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{FE8CD33A-ACBD-4EA8-BD69-0BAA4CBDE304}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{FECB9C06-763D-4857-A2B2-2F1AEA0B0A98}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{FF1C5751-8B86-4F75-9E50-0096700CD17A}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
Successfully deleted: [Empty Folder] C:\Users\chris\appdata\local\{FFA4B1F3-163F-4A8A-A2A4-58D5BE55B596}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/15/2013 at  5:06:24.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:56 AM

Posted 15 November 2013 - 01:12 PM


Hello animemonster

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 animemonster

animemonster
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:56 PM

Posted 16 November 2013 - 07:08 AM

I'm responding from a different computer to not interrupt the one that has the problems.

 

The computer that you had me run combofix on has been running for fourteen hours. For about eight hours it ran with obvious changes. But then it stopped. The latest information showing is:

 

C:\Users\chris\NTUSER.DAT{bf2365ea-78ac11df-9d3b-001eecea7394}.TMContainer0000000000000000001regtrans-ms

C:\Users\chris\NTUSER.DAT{bf2365ea-78ac11df-9d3b-001eecea7394}.TMContainer0000000000000000002regtrans-ms
C:\Users\chris\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

C:\Users\chris\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001regtrans-ms

C:\Users\chris\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002regtrans-ms

C:\Users\chris\ntuser.dat{d73d0b3e-b28f-11e0-a547-001eecea7394}.TM.blf

C:\Users\chris\ntuser.dat{d73d0b3e-b28f-11e0-a547-001eecea7394}.TMContainer000000000000000000001regtrans-ms

C:\Users\chris\ntuser.dat{d73d0b3e-b28f-11e0-a547-001eecea7394}.TMContainer000000000000000000002regtrans-ms

C:\Users\chris\ntuser.ini

C:\Users\desktop.ini

C:\Windows\SysWow64\FlashPlayerApp.exe

C:\Windows\SysWow64\frapsvid.dll

C:\Windows\wininit.ini

 

Deleting Folders:

 

C:\Program Files (x86)\DictionaryBossEI

C:\Users

 

There is a blinking cursor under the last folder.



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:56 AM

Posted 16 November 2013 - 11:11 AM


Hello animemonster

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 animemonster

animemonster
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:56 PM

Posted 16 November 2013 - 05:59 PM

Here is the ComboFix log. To run it, even in safe mode, I had to use a command prompt and use C:\User\chris\Desktop>start ComboFix.exe.
 
When I restarted the computer to normal windows operation and opened Chrome, all bookmarks were gone and Chrome is giving me a message about a new extension: Bucksbee Loyalty Plugin -W3i 1.0.9.7
 
ComboFix 13-11-15.01 - chris 11/16/2013  14:23:45.2.2 - x64 MINIMAL
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4092.3392 [GMT -8:00]
Running from: c:\users\chris\Desktop\ComboFix.exe
AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-16 to 2013-11-16  )))))))))))))))))))))))))))))))
.
.
2013-11-16 22:43 . 2013-11-16 22:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-16 22:43 . 2013-11-16 22:43 -------- d-----w- c:\users\chris\AppData\Local\temp
2013-11-15 12:56 . 2013-11-15 12:56 -------- d-----w- c:\windows\ERUNT
2013-11-15 11:00 . 2013-11-15 11:02 -------- d-----w- C:\AdwCleaner
2013-11-14 02:23 . 2013-11-14 02:23 -------- d-----w- c:\users\chris\AppData\Local\TBHostSupport
2013-11-13 20:55 . 2013-11-13 20:55 -------- d-----w- c:\users\chris\AppData\Local\WhiteListing
2013-11-13 14:52 . 2013-10-03 15:02 1278976 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 14:52 . 2013-10-03 12:45 993792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-13 14:52 . 2013-10-11 04:23 462848 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 14:52 . 2013-10-11 04:23 781824 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 14:52 . 2013-10-11 02:07 596480 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-11-13 14:52 . 2013-10-03 15:03 389632 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 14:52 . 2013-10-03 12:46 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-13 14:50 . 2013-09-04 02:31 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-10 10:55 . 2013-10-30 10:27 29496 ----a-w- c:\windows\system32\authuitu.dll
2013-11-10 10:55 . 2013-10-30 10:27 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-11-10 10:55 . 2013-10-30 10:27 42808 ----a-w- c:\windows\system32\uxtuneup.dll
2013-11-10 10:55 . 2013-10-30 10:27 35640 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2013-11-10 10:52 . 2013-10-30 10:27 40248 ----a-w- c:\windows\system32\TURegOpt.exe
2013-11-10 10:52 . 2013-11-10 10:52 -------- d-----w- c:\users\chris\AppData\Roaming\AVG
2013-11-10 10:46 . 2013-11-10 10:58 -------- d-----w- c:\programdata\AVG
2013-11-10 10:46 . 2013-11-10 11:14 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-11-09 16:36 . 2013-11-09 16:36 -------- d-----w- c:\users\chris\AppData\Roaming\TuneUp Software
2013-11-09 16:34 . 2013-11-09 16:34 -------- d-----w- C:\$AVG
2013-11-09 16:33 . 2013-11-10 10:48 -------- d-----w- c:\program files (x86)\AVG
2013-11-09 16:29 . 2013-11-09 16:29 -------- d-----w- c:\users\chris\AppData\Local\NativeMessaging
2013-11-09 16:29 . 2013-11-09 16:42 -------- d-----w- c:\users\chris\AppData\Local\Avg2014
2013-11-09 16:29 . 2013-11-16 19:01 -------- d-----w- c:\programdata\MFAData
2013-11-09 16:29 . 2013-11-09 16:29 -------- d-----w- c:\users\chris\AppData\Local\MFAData
2013-11-09 16:29 . 2013-11-09 16:29 -------- d-----w- c:\users\chris\AppData\Local\Avg2013
2013-11-09 16:03 . 2013-11-09 16:03 -------- d-----w- c:\users\chris\AppData\Local\cache
2013-11-09 16:03 . 2013-11-16 03:19 -------- d-----w- c:\users\chris\AppData\Local\Mobogenie
2013-11-09 03:04 . 2013-10-16 08:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{290BAC6E-7B7B-4DB0-8905-313E4124D5AD}\mpengine.dll
2013-11-08 16:46 . 2013-11-08 16:46 -------- d-----w- c:\program files\iPod
2013-11-08 16:46 . 2013-11-08 16:48 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-08 16:46 . 2013-11-08 16:48 -------- d-----w- c:\program files\iTunes
2013-11-08 16:46 . 2013-11-08 16:48 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 23:23 . 2006-11-02 12:35 82896128 ----a-w- c:\windows\system32\mrt.exe
2013-10-09 00:03 . 2011-10-04 20:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-26 05:07 . 2013-09-26 05:07 148792 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-09-09 06:11 . 2013-09-09 06:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-03 21:35 . 2009-10-03 15:24 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-09-02 18:59 . 2013-09-02 18:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-09-02 18:29 . 2013-09-02 18:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-09-02 18:26 . 2013-09-02 18:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-09-02 18:26 . 2013-09-02 18:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-29 07:48 . 2013-10-09 10:53 2775552 ----a-w- c:\windows\system32\win32k.sys
2013-08-27 03:39 . 2013-10-09 10:53 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 03:39 . 2013-10-09 10:53 287232 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 03:39 . 2013-10-09 10:53 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 03:39 . 2013-10-09 10:53 1268224 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 02:47 . 2013-10-09 10:53 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-08-27 02:47 . 2013-10-09 10:53 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-08-27 02:47 . 2013-10-09 10:53 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-08-27 02:47 . 2013-10-09 10:53 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-08-27 02:32 . 2013-10-09 10:53 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 02:30 . 2013-10-09 10:53 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 02:06 . 2013-10-09 10:53 834048 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 02:00 . 2013-10-09 10:53 1556480 ----a-w- c:\windows\system32\DWrite.dll
2013-08-27 02:00 . 2013-10-09 10:53 1149952 ----a-w- c:\windows\system32\FntCache.dll
2013-08-27 01:52 . 2013-10-09 10:53 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-08-27 01:50 . 2013-10-09 10:53 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-08-27 01:32 . 2013-10-09 10:53 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-08-27 01:28 . 2013-10-09 10:53 1069056 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-21 06:53 . 2013-08-21 06:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"TBHostSupport"="c:\users\chris\AppData\Local\TBHostSupport\TBHostSupport.dll" [2013-11-13 458016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-10-08 4908592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 08:19 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 00:04]
.
2013-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 23:45]
.
2013-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 23:45]
.
2013-11-15 c:\windows\Tasks\HPCeeScheduleForchris.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-28 03:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-06-27 443904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: billerweb.com
Trusted Zone: farmersinsurance.com
Trusted Zone: farmersinsurance.com\eagent
Trusted Zone: foremostfarmers.com
Trusted Zone: foremoststar.com
Trusted Zone: proveit2.com\www
TCP: DhcpNameServer = 192.168.1.254
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {B2D168E0-5597-101D-843A-DA16297B4C87} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/rm2.cab
DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} - hxxps://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{21D8071D-9060-4090-8758-A712EAC6041F} - (no file)
AddRemove-UpdaterEX - c:\users\chris\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files (x86)\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3581203319-3861266658-208506385-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:a2,e2,93,68,22,41,64,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0010)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-11-16  14:47:02
ComboFix-quarantined-files.txt  2013-11-16 22:46
.
Pre-Run: 197,913,288,704 bytes free
Post-Run: 197,661,106,176 bytes free
.
- - End Of File - - B1F1B7BF9FC4D9889ABD9C9A0E987FC0
85D751F0E41B8E520AEE8C07A8DA777B


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:56 AM

Posted 16 November 2013 - 06:55 PM



Hello animemonster

Lets get a deeper look into the system and lets see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 animemonster

animemonster
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:56 PM

Posted 16 November 2013 - 09:43 PM

OTL logfile created on: 11/16/2013 6:28:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\chris\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 66.47% Memory free
8.21 Gb Paging File | 6.48 Gb Available in Paging File | 78.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.67 Gb Total Space | 183.48 Gb Free Space | 64.00% Space Free | Partition Type: NTFS
Drive D: | 11.41 Gb Total Space | 1.88 Gb Free Space | 16.43% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SMINST\BLService.exe ()
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (AVG)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (AVG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\DRIVERS\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (iscFlash) -- C:\Program Files (x86)\sp43867\iscflashx64.sys (Insyde Software)
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Program Files (x86)\HP\QuickPlay\000.fcl (Cyberlink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{80F9CE9F-1811-48D0-AB07-45BF1DBB1FF0}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE:64bit: - HKLM\..\SearchScopes\{8548F34C-3305-470E-A035-6629D40BCD02}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{80F9CE9F-1811-48D0-AB07-45BF1DBB1FF0}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE - HKLM\..\SearchScopes\{8548F34C-3305-470E-A035-6629D40BCD02}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ_en
IE - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.DictionaryBoss.com/Plugin: C:\Program Files (x86)\DictionaryBossEI\Installr\1.bin\NPv4EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\@Webfetti_52.com/Plugin: C:\Program Files (x86)\Webfetti_52\bar\1.bin\NP52Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\7.5.1107\7.5.1107\FIREFOXEXTENSION
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/10 12:34:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/26 03:02:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\52ffxtbr@Webfetti_52.com: C:\Program Files (x86)\Webfetti_52\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/10 12:34:10 | 000,000,000 | ---D | M]
 
[2012/03/03 15:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions
[2009/12/05 12:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: fcreward.100750.b = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfpkoabioenlbhfelfcneeikegoobjd\1.0.9.7_0\
CHR - Extension: fcreward.100750.b = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfpkoabioenlbhfelfcneeikegoobjd\1.2.4_0\
CHR - Extension: Google Wallet = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\
 
O1 HOSTS File: ([2013/07/20 17:01:25 | 000,449,253 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15450 more lines...
O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..\Toolbar\WebBrowser: (no name) - {21D8071D-9060-4090-8758-A712EAC6041F} - No CLSID value found.
O3 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000..\Run: [TBHostSupport] C:\Users\chris\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..Trusted Domains: billerweb.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..Trusted Domains: farmersinsurance.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..Trusted Domains: farmersinsurance.com ([eagent] https in Trusted sites)
O15 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..Trusted Domains: foremostfarmers.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..Trusted Domains: foremoststar.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..Trusted Domains: proveit2.com ([www] http in Trusted sites)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} https://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXTwain61.cab (ImgXTwain6.ImgXTwain)
O16 - DPF: {3D03AEAF-38CC-4DB5-9FA1-1C3538B1CA85} https://eagent.farmersinsurance.com/PLA/eAgent/icms/viewers/crystalreportviewers11/ActiveXControls/PrintControl.cab (Crystal Reports Print Control 11.0)
O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} https://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXDialog61.cab (ImgXDialog6.ImgXDialog)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-data.com/rdc/EZTwainX.cab (EZTwainX by Dosadi)
O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} https://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgX61.cab (Atalasoft ImgXCtrl6.ImgXCtrl (CAB))
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {B2D168E0-5597-101D-843A-DA16297B4C87} https://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/rm2.cab (SnowBound Control)
O16 - DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} https://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab (prVisioInterface.EmVisioInterface)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP27-10832/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D48AB512-5EC7-4292-86F5-D5F78E716F0B}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmpx - No CLSID value found
O18 - Protocol\Handler\tmtbim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/16 18:26:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2013/11/16 14:47:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/16 14:47:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/11/16 14:47:04 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\temp
[2013/11/16 14:22:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/11/15 14:40:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/15 14:40:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/15 14:40:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/15 14:38:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/15 14:37:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/15 14:36:27 | 005,146,278 | R--- | C] (Swearware) -- C:\Users\chris\Desktop\ComboFix.exe
[2013/11/15 04:56:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/15 03:00:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/13 18:23:32 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\TBHostSupport
[2013/11/13 15:26:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/13 15:26:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/13 15:26:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/13 15:26:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/13 15:26:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/13 15:26:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/13 15:26:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/13 15:26:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/13 15:26:50 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/13 15:26:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/13 15:26:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/13 15:26:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/13 15:26:49 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/13 15:26:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/13 15:26:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/13 12:55:49 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\WhiteListing
[2013/11/13 06:52:37 | 001,278,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/13 06:52:22 | 000,781,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/13 06:52:22 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/13 06:52:18 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/10 02:55:22 | 000,029,496 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2013/11/10 02:55:22 | 000,025,400 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2013/11/10 02:55:19 | 000,042,808 | ---- | C] (AVG) -- C:\Windows\SysNative\uxtuneup.dll
[2013/11/10 02:55:19 | 000,035,640 | ---- | C] (AVG) -- C:\Windows\SysWow64\uxtuneup.dll
[2013/11/10 02:52:56 | 000,040,248 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2013/11/10 02:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
[2013/11/10 02:52:23 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\AVG
[2013/11/10 02:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/11/10 02:46:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2013/11/09 08:37:43 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\AVG2014
[2013/11/09 08:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/11/09 08:36:18 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\TuneUp Software
[2013/11/09 08:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/11/09 08:34:59 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/11/09 08:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/11/09 08:29:50 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\NativeMessaging
[2013/11/09 08:29:45 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Avg2014
[2013/11/09 08:29:28 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\MFAData
[2013/11/09 08:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/11/09 08:29:28 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Avg2013
[2013/11/09 08:03:39 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\cache
[2013/11/09 08:03:37 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Mobogenie
[2013/11/09 08:03:37 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Mobogenie
[2013/11/08 08:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/08 08:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/08 08:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/08 08:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/11/08 08:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2008/11/19 19:20:06 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2008/11/19 19:20:05 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2008/11/19 19:20:05 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2008/11/19 19:20:05 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/16 18:26:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2013/11/16 18:19:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/16 18:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/16 16:51:38 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 16:51:38 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 14:51:52 | 000,089,391 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/11/16 14:51:48 | 000,089,391 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/11/16 14:51:48 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/16 14:51:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/16 14:10:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/11/16 08:45:17 | 000,002,009 | ---- | M] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/15 14:36:32 | 005,146,278 | R--- | M] (Swearware) -- C:\Users\chris\Desktop\ComboFix.exe
[2013/11/15 03:07:02 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForchris.job
[2013/11/15 00:20:28 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/10 09:21:18 | 000,314,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/10 02:52:43 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2013/11/10 02:52:43 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2013/11/10 02:52:42 | 000,001,917 | ---- | M] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC TuneUp 2014.lnk
[2013/11/09 19:08:46 | 209,715,200 | ---- | M] () -- C:\Users\chris\Documents\Data Safe.avgfv
[2013/11/09 08:39:44 | 000,000,541 | ---- | M] () -- C:\Users\chris\Desktop\Data Safe.lnk
[2013/11/09 08:36:18 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/11/08 16:40:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/08 08:48:18 | 000,001,654 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/06 12:43:05 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/06 12:43:05 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/06 12:43:05 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/30 02:27:10 | 000,040,248 | ---- | M] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2013/10/30 02:27:00 | 000,042,808 | ---- | M] (AVG) -- C:\Windows\SysNative\uxtuneup.dll
[2013/10/30 02:27:00 | 000,035,640 | ---- | M] (AVG) -- C:\Windows\SysWow64\uxtuneup.dll
[2013/10/30 02:27:00 | 000,029,496 | ---- | M] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2013/10/30 02:27:00 | 000,025,400 | ---- | M] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/15 14:40:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/15 14:40:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/15 14:40:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/15 14:40:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/15 14:40:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/13 06:52:23 | 000,217,074 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2013/11/10 02:52:43 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2013/11/10 02:52:43 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2013/11/10 02:52:42 | 000,001,917 | ---- | C] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC TuneUp 2014.lnk
[2013/11/10 02:52:42 | 000,001,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2013/11/09 08:39:44 | 000,000,541 | ---- | C] () -- C:\Users\chris\Desktop\Data Safe.lnk
[2013/11/09 08:39:30 | 209,715,200 | ---- | C] () -- C:\Users\chris\Documents\Data Safe.avgfv
[2013/11/09 08:36:18 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/11/08 08:48:18 | 000,001,654 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/04/23 17:21:22 | 000,000,000 | ---- | C] () -- C:\ProgramData\2b21213d3c5f292b_c
[2013/01/25 20:11:14 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/05/22 09:44:36 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/02/28 14:48:25 | 000,722,292 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/04 09:00:04 | 000,870,128 | ---- | C] () -- C:\Users\chris\AppData\Roaming\mcs.rma
[2008/11/12 14:27:07 | 000,004,390 | ---- | C] () -- C:\Users\chris\AppData\Roaming\wklnhst.dat
[2008/11/11 17:15:24 | 000,089,391 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/11/11 17:13:23 | 000,089,391 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/10/20 10:40:09 | 000,000,253 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2011/11/18 12:55:05 | 000,000,000 | -HSD | M] -- C:\Users\chris\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
[2012/07/31 08:25:42 | 000,000,000 | -HSD | M] -- C:\Users\chris\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
[2006/11/02 07:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 09:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 09:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/10 23:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 18:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 374 bytes -> C:\ProgramData\TEMP:B4273EB5
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D346F792
 
< End of report >


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:56 AM

Posted 18 November 2013 - 12:14 PM


Hello animemonster

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the customFix.png text box.
    :OTL
    IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
    IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@ei.DictionaryBoss.com/Plugin: C:\Program Files (x86)\DictionaryBossEI\Installr\1.bin\NPv4EISB.dll File not found
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Webfetti_52.com/Plugin: C:\Program Files (x86)\Webfetti_52\bar\1.bin\NP52Stub.dll File not found
    O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
    O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
    O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
    O3 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..\Toolbar\WebBrowser: (no name) - {21D8071D-9060-4090-8758-A712EAC6041F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\tmbp - No CLSID value found
    O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
    O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\tmbp - No CLSID value found
    O18 - Protocol\Handler\tmpx - No CLSID value found
    O18 - Protocol\Handler\tmtbim - No CLSID value found
     IE:64bit: - HKLM\..\SearchScopes\{8548F34C-3305-470E-A035-6629D40BCD02}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{1DD19FB9-B106-4258-A274-59C1C42BE580: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dstrmsd&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DtBtByEtCyCyE0EtB0AtBtN0D0Tzu0CyCyBzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=1066955091&ir=
    IE - HKLM\..\SearchScopes\{8548F34C-3305-470E-A035-6629D40BCD02}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
     O4 - HKU\S-1-5-21-3581203319-3861266658-208506385-1000..\Run: [TBHostSupport] C:\Users\chris\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
    
    :Files
    ipconfig /flushdns /c
    C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click btnOK.png.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

    Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.


Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 animemonster

animemonster
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:56 PM

Posted 18 November 2013 - 06:23 PM

The Bucksbee Loyalty Plugin seems to have added itself back to Chrome. All bookmarks are missing again.
 
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.DictionaryBoss.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@oberon-media.com/ONCAdapter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@TrendMicro.com/FFExtension\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Webfetti_52.com/Plugin\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3581203319-3861266658-208506385-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21D8071D-9060-4090-8758-A712EAC6041F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21D8071D-9060-4090-8758-A712EAC6041F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3581203319-3861266658-208506385-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control CabBuilder
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
File oft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmbp\ deleted successfully.
File Protocol\Handler\tmbp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmpx\ deleted successfully.
File Protocol\Handler\tmpx - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmtbim\ deleted successfully.
File Protocol\Handler\tmtbim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
File Protocol\Handler\livecall - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
File Protocol\Handler\msnim - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmbp\ not found.
File Protocol\Handler\tmbp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmpx\ not found.
File Protocol\Handler\tmpx - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmtbim\ not found.
File Protocol\Handler\tmtbim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8548F34C-3305-470E-A035-6629D40BCD02}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8548F34C-3305-470E-A035-6629D40BCD02}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1DD19FB9-B106-4258-A274-59C1C42BE580: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DD19FB9-B106-4258-A274-59C1C42BE580: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8548F34C-3305-470E-A035-6629D40BCD02}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8548F34C-3305-470E-A035-6629D40BCD02}\ not found.
Registry value HKEY_USERS\S-1-5-21-3581203319-3861266658-208506385-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport deleted successfully.
C:\Users\chris\AppData\Local\TBHostSupport\TBHostSupport.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\chris\Desktop\cmd.bat deleted successfully.
C:\Users\chris\Desktop\cmd.txt deleted successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Sync Data folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Session Storage folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.manhub.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.lubeyourtube.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#s.ytimg.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\www.manhub.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\www.gayboystube.com\includes\player\flowplayer-3.2.16.swf folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\www.gayboystube.com\includes\player folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\www.gayboystube.com\includes folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\www.gayboystube.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\www.gay-porn-tubes.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\vox-static.liverail.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\us-stiampornspamming#2.com\videoplayerC.swf folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\us-stiampornspamming#2.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\static.xvideos.com\swf\xv-player.swf\hexa# folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\static.xvideos.com\swf\xv-player.swf folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\static.xvideos.com\swf\flv_player_site_v4.swf folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\static.xvideos.com\swf folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\static.xvideos.com\##F13E72137282220E folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\static.xvideos.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\secure-us.imrworldwide.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\s0.2mdn.net\##8521111F543885EA folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\s0.2mdn.net folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\s.ytimg.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\mpsnare.iesnare.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys\#www.manhub.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys\#www.gayboystube.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys\#www.gay-porn-tubes.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys\#us-stiampornspamming#2.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys\#static.xvideos.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys\#secure-us.imrworldwide.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys\#s0.2mdn.net folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys\#s.ytimg.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys\#mpsnare.iesnare.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys\#hdgaysextube.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys\#core.insightexpressai.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys\#cache.btrll.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys\#18twinkstube.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer\sys folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support\flashplayer folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\support folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com\##FD37CED9AB029DE0 folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\macromedia.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\hdgaysextube.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\core.insightexpressai.com\adserver\fscookie\fscookie.swf folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\core.insightexpressai.com\adserver\fscookie folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\core.insightexpressai.com\adserver folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\core.insightexpressai.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\cdn1.static.youporn.phncdn.com\##BE355EEFD2BE97D9 folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\cdn1.static.youporn.phncdn.com\##028568E857E893EA folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\cdn1.static.youporn.phncdn.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\cdn-static.liverail.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\cache.btrll.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF\18twinkstube.com folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WQCNPYXF folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\DZ8WEWS6 folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Media Cache folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\neebgdeaohaofdhldpobdpfocdonmgki folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkpdpkjmmdacleogmmlinafnhdfdlmp folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\IndexedDB folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\GPUCache folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\File System\Origins folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\File System folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\zh_TW folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\zh_CN folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\vi folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\uk folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\tr folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\th folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\sv folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\sr folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\sl folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\sk folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\ru folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\ro folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\pt_PT folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\pt_BR folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\pl folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\nl folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\nb folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\lv folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\lt folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\ko folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\ja folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\it folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\id folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\hu folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\hr folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\hi folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\fr folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\fil folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\fi folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\et folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\es_419 folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\es folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\en_GB folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\en folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\el folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\de folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\da folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\cs folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\ca folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales\bg folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\_locales folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\images folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\html folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\css folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1 folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfpkoabioenlbhfelfcneeikegoobjd\1.2.4_0\UI\icon folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfpkoabioenlbhfelfcneeikegoobjd\1.2.4_0\UI folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfpkoabioenlbhfelfcneeikegoobjd\1.2.4_0\newtab folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfpkoabioenlbhfelfcneeikegoobjd\1.2.4_0\css\fonts folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfpkoabioenlbhfelfcneeikegoobjd\1.2.4_0\css folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfpkoabioenlbhfelfcneeikegoobjd\1.2.4_0 folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfpkoabioenlbhfelfcneeikegoobjd\1.0.9.7_0\UI\icon folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfpkoabioenlbhfelfcneeikegoobjd\1.0.9.7_0\UI folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfpkoabioenlbhfelfcneeikegoobjd\1.0.9.7_0 folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfpkoabioenlbhfelfcneeikegoobjd folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.flirt4free.com_0 folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\databases\https_www.netspend.com_0 folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\databases\file__0 folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\databases folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Cache folder moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default folder moved successfully.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: AppData
 
User: chris
->Java cache emptied: 38453286 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Java Files Cleaned = 37.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: chris
->Flash cache emptied: 2648920 bytes
 
User: Default
->Flash cache emptied: 56475 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 3.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11182013_151113


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:56 AM

Posted 18 November 2013 - 08:31 PM


Hello animemonster

We need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks


Then I need you to go Google Sync and sign into your account

scroll down untill you see the "Stop and Clear" button and click on button

At the prompt click on "Ok"

Now we need to uninstall chrome

I want you to uninstall Chrome and if asked about user data or settings then remove this also

restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:56 AM

Posted 22 November 2013 - 01:08 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:56 AM

Posted 26 November 2013 - 12:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users