How do I get rid of 'SoftwareUpdateSetup' & 'ICReinstall_SoftwareUpdateSetup'?



#1 slevin9

Posted 30 October 2013 - 12:51 PM

Novice here.
These 2 applications cause a popup in the lower right of my screen asking me to update a variety of different programs on my computer. Typically, the programs mentioned are already up to date, but the Software Update process wants to install a variety of NEW toolbars, etc.
It appears the SoftwareUpdate program comes from file.org Downloader (whatever that means)
I delete the apps from: (C:\users\steve\AppData\local\temp\...) but within a day or so they reappear. Is there a way to rid my system of this bother?
Steve
slevinxxx9@hotmail.com

Never give your e-mail address in a forum unless you want spammers to use it.

Edited by nasdaq, 31 October 2013 - 10:10 AM.




#2 nasdaq


Posted 02 November 2013 - 08:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 slevin9


Posted 04 November 2013 - 10:16 AM

I followed the procedure you outlined but the 2 undesirable files are still there in (C:\users\steve\AppData\local\temp\...) and the popups continue.

There were 2 Rogue Reports generated:

First:

RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Scan -- Date : 11/02/2013 22:12:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

 


[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1001FAES-75W7A0 ATA Device +++++
--- User ---
[MBR] f36cf15ed88e0047a582a456f2d258a2
[BSP] 4556c1c5d7172108693fe5d86725391e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 11318 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23261184 | Size: 942510 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11022013_221212.txt >>

 

Then, a minute later:

RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Remove -- Date : 11/02/2013 22:13:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

 


[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1001FAES-75W7A0 ATA Device +++++
--- User ---
[MBR] f36cf15ed88e0047a582a456f2d258a2
[BSP] 4556c1c5d7172108693fe5d86725391e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 11318 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23261184 | Size: 942510 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_11022013_221304.txt >>
RKreport[0]_S_11022013_221212.txt

 

ADW Cleaner report:

# AdwCleaner v3.010 - Report created 02/11/2013 at 22:22:00
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Steve - AAPOLY
# Running from : C:\Users\Steve\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\SpeedyPC Software
Folder Deleted : C:\Users\Steve\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Steve\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Steve\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Steve\AppData\Roaming\SpeedyPC Software
File Deleted : C:\END

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\5308cd9b06ab814
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SpeedyPC Software

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v

*************************

AdwCleaner[R0].txt - [3635 octets] - [02/11/2013 22:15:46]
AdwCleaner[S0].txt - [3082 octets] - [02/11/2013 22:22:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3142 octets] ##########

 

Junkware Removal Tool Report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Professional x64
Ran by Steve on Sat 11/02/2013 at 22:29:23.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2106177758-1893847509-3135993274-1000\Software\SweetIM

 

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\regwork.job

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\regwork"
Successfully deleted: [Folder] "C:\Users\Steve\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\regwork"
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{CDBAD214-DCD1-4429-9AF0-5967A54119E5}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{CE42C687-30C4-4949-A75C-23E1D4A7A644}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{CE4E107F-8579-4DBF-A7D3-3F6ECA81E122}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D01E8806-7091-469E-A61F-11974D8A0DB0}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D3403AFA-7392-4A2E-B0A6-C2C5A5840E9B}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D47588C5-D9A2-4E12-82AA-4D14E46E7375}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D609C85B-3741-4627-B734-BDD071CCAECF}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D74CBA1C-937F-4FA9-B2F0-36620DEE16B2}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D7E9DEA4-1B47-4987-8ED5-9FC32EF654DD}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D8D13229-56C4-4A00-A809-E1B7C84E3F0B}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{DA994B9F-6E4D-4209-B630-C9B687B06F7E}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{DAA03A6B-019A-494B-8CD1-F909D628899E}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{DAC7980A-D885-4A1C-8B71-B9CF91556C53}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{DB51748A-85BC-4258-9DBD-7B5E05E9AAA2}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{DD0830A5-923E-4A5D-9FBA-5F6F840BEDBF}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{E0F9C0A4-CC97-43F0-B2A6-C198D488EC46}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{E2B21E0F-A8A0-426D-A0D7-06A6C542A801}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{E44E023F-DD5D-4853-A7D2-5553627F0561}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{E454A8B5-8ACE-4750-A269-602951C4815A}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{E5D1CF47-FC2B-46E2-9660-11F46A3BCA6A}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{E66F03F2-71E1-4465-87D0-C4778ACB0276}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{E89444DE-6F3A-483A-BFF7-019B01966926}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{E97530BD-3E86-4289-85ED-BC2DF11A4516}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{EB7406FF-0F2C-4A72-8660-BBF3C629C350}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{EB7B05C3-0223-43B9-8EED-D6711D7C00C7}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{EB8BC30F-3AFB-4C8C-A524-C79034B06C45}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{ED16325E-15BC-4352-9B9B-091BF6C6B78F}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{EE4BADD5-4C2B-4140-9BEC-F0E62D2B624D}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{EEFF473A-47FD-4778-A313-4A7740976460}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{F2812392-F025-49D5-871D-C59573AD533A}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{F4B64CD6-81ED-41BF-9D65-E1C129629219}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{F511EB66-26E9-4DDF-BA5F-F2606CE52BD0}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{F93AF4C8-4544-45D3-A178-ABF7EE89E723}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{FB993C91-32A3-4C25-A0B6-37E408510306}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{FBF2FDD6-9160-48B2-99D8-D47607D8AAEA}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{FC9F6B52-9448-4912-87A7-169D85468B77}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{FCB6A2FD-9D7E-406B-B6C3-A646AC81B3C0}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{FF922CB3-9C1C-454A-A453-C5BEA9F408DF}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/02/2013 at 22:34:29.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

There were 2 DDS notepad documents generated. One was titled ATTACH and it specifically said to NOT attach it. Here are the first few lines from that document:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/27/2010 12:48:16 PM
System Uptime: 11/2/2013 9:23:27 PM (1 hours ago)

 

The second DDS notepad document was titled simply DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by Steve at 22:38:13 on 2013-11-02
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3895.2398 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\UPS\WSTD\WSTDMessaging.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\NOTEPAD.EXE
C:\UPS\WSTD\UPSNA1Msgr.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\explorer.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
mWinlogon: Userinit = userinit.exe
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Facebook Update] "C:\Users\Steve\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UPSWOR~2.LNK - C:\UPS\WSTD\WSTDMessaging.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UPSWOR~1.LNK - C:\UPS\WSTD\wstdPldReminder.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
TCP: NameServer = 192.168.17.1
TCP: Interfaces\{AC11B410-BA7B-42DA-95AF-70CD5F197207} : DHCPNameServer = 192.168.17.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 216.239.32.20 www.google.ae # bck9
Hosts: 216.239.32.20 www.google.at # bck9
Hosts: 216.239.32.20 www.google.be # bck9
Hosts: 216.239.32.20 www.google.ca # bck9
Hosts: 216.239.32.20 www.google.ch # bck9
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-7 55856]
R1 bckd;bckd;C:\Windows\System32\drivers\bckd.sys [2012-2-13 108304]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2012-2-13 2122000]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-12-18 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-11-29 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-12-21 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 701512]
R2 MSSQL$UPSWSDBSERVER;SQL Server (UPSWSDBSERVER);c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe -sUPSWSDBSERVER [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-7 673088]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2009-6-30 411136]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-7 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-9-7 271872]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-9-7 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-3-21 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-6 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-7 158976]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2011-8-17 271640]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
S3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-17 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-17 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-03 03:29:20 -------- d-----w- C:\Windows\ERUNT
2013-11-03 03:15:40 -------- d-----w- C:\AdwCleaner
2013-11-02 08:35:15 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CAE87FF0-8ED4-4BAB-91D7-B9A46026BD4F}\mpengine.dll
2013-11-01 08:37:13 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-24 09:10:34 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-24 09:10:34 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-24 09:10:34 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-24 09:10:34 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-24 09:10:34 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-24 09:10:34 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-24 09:10:34 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-21 03:09:24 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-21 03:09:24 -------- d-----w- C:\Program Files\iTunes
2013-10-21 03:09:24 -------- d-----w- C:\Program Files\iPod
2013-10-21 03:09:24 -------- d-----w- C:\Program Files (x86)\iTunes
2013-10-18 08:29:03 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{92524238-F7FA-4AD2-94C8-696C1DD10006}\gapaengine.dll
2013-10-10 05:14:50 633856 ----a-w- C:\Windows\System32\comctl32.dll
.
==================== Find3M  ====================
.
2013-10-28 13:41:24 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2013-10-28 13:41:23 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2013-10-28 13:41:23 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-10-23 13:41:24 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2013-10-09 07:33:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-09 07:33:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-26 09:13:02 354656 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2013-08-07 22:54:02 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
.
============= FINISH: 22:38:50.61 ===============

 

All 4 of these processes ran smoothly and quickly, but the popups remain.

Steve
 

 

 

 



#4 nasdaq


Posted 04 November 2013 - 02:01 PM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

Please let me know if the redirection issue is with Firefox, IE or Chrome. Maybe all?

#5 nasdaq


Posted 10 November 2013 - 09:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



