Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirection - Zero Access Toolkit


  • This topic is locked This topic is locked
27 replies to this topic

#1 pamheld

pamheld

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 01 April 2014 - 04:53 PM

Hello,

 

A colleague's browser is being redirected - both IE and Firefox on a 64 bit machine running Win7.

 

AVG Antivirus Business Edition moved some items to the virus vault, but the problem continued.

 

We ran Malwarebytes, which found Scorpion Saver and SavingBull, which were deleted.

 

We downdownloaded and ran RKill - which found ZeroAccess toolkit.

 

We downloaded and ran Hitman Pro, which found nothing.

 

We re-ran Malwarebytes, and nothing was found.

 

I see lots of suggestion for dealing with ZeroAccess toolkit.  Is there a consensus on the best method to do so?

 

Here's the DDS log file:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16540
Run by dmiller at 14:44:43 on 2014-04-01
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6057.3892 [GMT -7:00]
.
AV: AVG Anti-Virus Business Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Business Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\dmiller\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\dmiller\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\ScanSoft\PaperPort\Pptd40nt.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/
uSearch Bar = Preserve
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
uRun: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
uRun: [ivezxrz] regsvr32.exe /s "C:\ProgramData\ivezxrz.dat"
uRun: [PCShowServer] "C:\Users\dmiller\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [PC Meter Connect] C:\Program Files (x86)\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe minimize
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [zzzHPSETUP] D:\Setup.exe
mRun: [PaperPort PTD] c:\progra~2\scansoft\paperp~1\pptd40nt.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://eds.bankofthewest.com/MerchantCaptureWebClient/Reserved.ReportViewerWebControl.axd?ReportSession=410w0uicfyl0lyq0eoicen55&ControlID=cdaa8f9b2bfd444ab0cc8012a9d82203&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CED616F0-2859-4BF8-8538-9DAF544AF2CB} - hxxps://www.yardiasp.com/52523creekbridge/ysiComm.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP1-11759/support/ieatgpc1.cab
TCP: NameServer = 192.168.60.76
TCP: Interfaces\{2D9285D5-C4CD-49E8-AC65-F7446C37FB79} : DHCPNameServer = 192.168.60.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-1 55856]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-8 49952]
R1 RapportCerberus_44365;RapportCerberus_44365;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys [2012-11-15 508024]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-7-28 137232]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-1 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-1 857912]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-7-1 689472]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [2014-3-20 1771032]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-1 317440]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-3 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-1 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-1 63192]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-1 413800]
R3 TsUsb2;Driver for TellerScan Device;C:\Windows\System32\drivers\TSUSB2.SYS [2010-8-16 53760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 DM150Drv;DM150Drv;C:\Windows\System32\drivers\DM150Drv.sys [2013-5-10 24312]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\46125\RapportIaso64.sys [2012-11-15 175352]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-21 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-01 16:35:57    --------    d-----w-    C:\ProgramData\HitmanPro
2014-04-01 16:08:32    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-01 16:08:06    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-01 16:08:06    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-04-01 16:08:06    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-20 19:09:10    --------    d-----w-    C:\ProgramData\AVG Secure Search
2014-03-15 18:03:17    --------    d-----w-    C:\Program Files\Level Quality Watcher
2014-03-12 10:06:00    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-03-12 10:05:59    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-03-12 10:05:59    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-03-12 10:05:59    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-03-12 10:05:58    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-12 10:05:58    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
.
==================== Find3M  ====================
.
2014-03-20 19:08:55    49952    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-03-12 19:01:15    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 19:01:15    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-05 16:26:04    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-02-23 06:54:58    2334720    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-23 06:48:31    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-23 06:46:42    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-23 06:45:36    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-23 06:45:27    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-23 06:44:02    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-23 05:47:19    1806848    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-23 05:40:18    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-23 05:39:28    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-23 05:38:08    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-23 05:37:49    421376    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-23 05:36:22    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:45:10.71 ===============
 

 

Pam H.

Attached Files



BC AdBot (Login to Remove)

 


m

#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:29 AM

Posted 01 April 2014 - 05:17 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Regards,

Georgi


cXfZ4wS.png


#3 pamheld

pamheld
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 01 April 2014 - 05:36 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by dmiller (administrator) on DMILLER-PC on 01-04-2014 15:30:40
Running from C:\Users\dmiller\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NDS Technologies) C:\Users\dmiller\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
() C:\Users\dmiller\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Pitney Bowes, Inc.) C:\Program Files (x86)\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Scansoft Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\Pptd40nt.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [PC Meter Connect] - C:\Program Files (x86)\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe [3514368 2012-02-07] (Pitney Bowes, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2544664 2014-03-20] ()
HKLM-x32\...\Run: [zzzHPSETUP] - D:\Setup.exe
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\ScanSoft\PaperPort\Pptd40nt.exe [29184 2002-03-19] (Scansoft Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2525335773-3161513007-335672579-1000\...\Run: [Adobe Reader Synchronizer] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272912 2013-05-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-2525335773-3161513007-335672579-1000\...\Run: [ivezxrz] - regsvr32.exe /s "C:\ProgramData\ivezxrz.dat"
HKU\S-1-5-21-2525335773-3161513007-335672579-1000\...\Run: [PCShowServer] - C:\Users\dmiller\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [525240 2012-10-15] (NDS Technologies)
HKU\S-1-5-21-2525335773-3161513007-335672579-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2525335773-3161513007-335672579-1000\$232e74302446a19c8772883976a52136\n. ATTENTION! ====> ZeroAccess?

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBEA09D249493CE01
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBBD11295-3E09-4210-98C1-34C1BA87D256&q={searchTerms}&SSPV=
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBBD11295-3E09-4210-98C1-34C1BA87D256&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBBD11295-3E09-4210-98C1-34C1BA87D256&q={searchTerms}&SSPV=
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {0D221D00-A6ED-477C-8A91-41F3B660A832} https://eds.bankofthewest.com/MerchantCaptureWebClient/Reserved.ReportViewerWebControl.axd?ReportSession=410w0uicfyl0lyq0eoicen55&ControlID=cdaa8f9b2bfd444ab0cc8012a9d82203&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: HKLM-x32 {CED616F0-2859-4BF8-8538-9DAF544AF2CB} https://www.yardiasp.com/52523creekbridge/ysiComm.CAB
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP1-11759/support/ieatgpc1.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.60.76

FireFox:
========
FF ProfilePath: C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AD5&o=APN10090&locale=en_US&apn_uid=2d9b21ea-c128-4fec-b56e-4651426febd3&apn_ptnrs=%5EA5G&apn_sauid=5F1CB1C6-DAE3-4B33-936E-D845BFF782E3&apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PCShowPlugin - C:\Users\dmiller\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\dmiller\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\dmiller\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4\ []

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBBD11295-3E09-4210-98C1-34C1BA87D256&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBBD11295-3E09-4210-98C1-34C1BA87D256&q={searchTerms}&SSPV=
CHR Extension: (Docs) - C:\Users\dmiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-20]
CHR Extension: (Google Drive) - C:\Users\dmiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-20]
CHR Extension: (YouTube) - C:\Users\dmiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-20]
CHR Extension: (Google Search) - C:\Users\dmiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-20]
CHR Extension: (AVG Security Toolbar) - C:\Users\dmiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-02-20]
CHR Extension: (Google Wallet) - C:\Users\dmiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-20]
CHR Extension: (Gmail) - C:\Users\dmiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-20]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx [2014-03-20]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-20] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-20] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-20] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-20] (AVG Technologies)
S3 DM150Drv; C:\Windows\System32\DRIVERS\DM150Drv.sys [24312 2010-07-30] (Pitney Bowes)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
U4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R1 RapportCerberus_44365; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys [508024 2012-11-15] ()
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\46125\rapportiaso64.sys [175352 2012-11-15] (Trusteer Ltd.)
R3 TsUsb2; C:\Windows\System32\Drivers\TSUSB2.sys [53760 2010-08-16] (HTL)
R3 TsUsb2; C:\Windows\SysWOW64\Drivers\TSUSB2.sys [53760 2007-05-25] (HTL)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-01 15:30 - 2014-04-01 15:30 - 00020487 _____ () C:\Users\dmiller\Desktop\FRST.txt
2014-04-01 15:29 - 2014-04-01 15:30 - 00000000 ____D () C:\FRST
2014-04-01 15:29 - 2014-04-01 15:29 - 02157056 _____ (Farbar) C:\Users\dmiller\Desktop\FRST64.exe
2014-04-01 15:20 - 2014-04-01 15:26 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-04-01 15:20 - 2014-04-01 15:20 - 00000000 ____D () C:\Users\dmiller\AppData\Local\LogMeIn
2014-04-01 15:20 - 2014-04-01 15:20 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-01 15:20 - 2014-01-20 13:35 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-04-01 15:20 - 2014-01-20 13:35 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-04-01 15:20 - 2014-01-20 13:35 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-04-01 15:20 - 2013-12-11 17:11 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2014-04-01 14:58 - 2014-04-01 15:20 - 00001024 _____ () C:\.rnd
2014-04-01 14:55 - 2014-04-01 14:56 - 25010176 _____ () C:\Users\dmiller\Downloads\LogMeIn.msi
2014-04-01 14:45 - 2014-04-01 14:46 - 00018583 _____ () C:\Users\dmiller\Desktop\dds.txt
2014-04-01 14:45 - 2014-04-01 14:46 - 00011883 _____ () C:\Users\dmiller\Desktop\attach.txt
2014-04-01 14:41 - 2014-04-01 14:41 - 00688992 ____R (Swearware) C:\Users\dmiller\Desktop\dds.com
2014-04-01 10:59 - 2014-04-01 10:59 - 00000000 ____D () C:\Users\dmiller\Documents\TurboTax
2014-04-01 09:35 - 2014-04-01 09:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-01 09:35 - 2014-04-01 09:37 - 10971424 _____ (SurfRight B.V.) C:\Users\dmiller\Desktop\HitmanPro_x64.exe
2014-04-01 09:33 - 2014-04-01 08:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\dmiller\Desktop\rkill.com
2014-04-01 09:08 - 2014-04-01 15:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 09:08 - 2014-04-01 09:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-01 09:08 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-01 09:08 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-31 15:55 - 2014-04-01 09:19 - 02111951 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-31 15:55 - 2014-03-31 15:55 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-03-31 15:55 - 2014-03-31 15:55 - 00000000 _____ () C:\Windows\system32\Service.log
2014-03-31 14:35 - 2014-03-31 14:41 - 00012315 _____ () C:\Users\dmiller\Documents\Home depot breakdown 04-2014 PAYMENT.xlsx
2014-03-31 09:21 - 2014-03-31 09:21 - 00040960 _____ () C:\Users\dmiller\Documents\Timesheet 033114.xls
2014-03-25 15:07 - 2014-03-25 15:07 - 00035328 _____ () C:\Users\dmiller\Documents\clearwire march 2014 rent billing DOC.xls
2014-03-25 11:56 - 2014-03-26 14:30 - 00036352 _____ () C:\Users\dmiller\Documents\clearwire billing 1rst qtr 2014 DOC.xls
2014-03-24 15:42 - 2014-03-24 15:42 - 00013385 _____ () C:\Users\dmiller\Documents\AT&T 020614-030914 Electrical.xlsx
2014-03-24 15:38 - 2014-03-24 15:38 - 00033792 _____ () C:\Users\dmiller\Documents\Clearwire 020614-030914 Electricity Billing.xls
2014-03-24 15:22 - 2014-03-24 15:22 - 00160768 _____ () C:\Users\dmiller\Documents\Copy of Haar 21-201 Pet Deposit.xls
2014-03-24 15:20 - 2014-03-24 15:20 - 00161280 _____ () C:\Users\dmiller\Documents\Copy of Haar 21-201 (2).xls
2014-03-20 12:09 - 2014-03-20 12:09 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-18 15:58 - 2014-03-18 15:58 - 00161280 _____ () C:\Users\dmiller\Documents\Copy of Jimenez 87-101.xls
2014-03-18 15:58 - 2014-03-18 15:58 - 00013374 _____ () C:\Users\dmiller\Documents\AT&T 010714-020514 Electrical.xlsx
2014-03-18 15:57 - 2014-03-18 15:57 - 00161280 _____ () C:\Users\dmiller\Documents\Copy of Bock 51-202.xls
2014-03-18 15:46 - 2014-03-19 11:53 - 00161280 _____ () C:\Users\dmiller\Documents\Copy of escalante 39-107 (2).xls
2014-03-18 14:46 - 2014-03-18 14:46 - 00033792 _____ () C:\Users\dmiller\Documents\Clearwire 010714-020514 Electricity Billing.xls
2014-03-15 13:14 - 2014-03-17 10:05 - 00040960 _____ () C:\Users\dmiller\Documents\Timesheet 031514.xls
2014-03-15 11:03 - 2014-04-01 09:20 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-15 11:03 - 2014-03-15 11:03 - 00004396 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-03-15 10:52 - 2014-03-17 13:45 - 00161280 _____ () C:\Users\dmiller\Documents\Copy of Rogalsky 69-102.xls
2014-03-15 10:52 - 2014-03-15 10:52 - 00163840 _____ () C:\Users\dmiller\Documents\Copy of Brock 51-202.xls
2014-03-15 10:52 - 2014-03-15 10:52 - 00160768 _____ () C:\Users\dmiller\Documents\Copy of Lobos Amaya 09-105.xls
2014-03-13 03:03 - 2014-02-23 00:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 03:03 - 2014-02-22 23:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 03:03 - 2014-02-22 23:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 03:03 - 2014-02-22 23:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 03:03 - 2014-02-22 23:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 03:03 - 2014-02-22 23:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 03:03 - 2014-02-22 23:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-13 03:03 - 2014-02-22 23:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 03:03 - 2014-02-22 23:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 03:03 - 2014-02-22 23:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 03:03 - 2014-02-22 23:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 03:03 - 2014-02-22 23:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 03:03 - 2014-02-22 23:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 03:03 - 2014-02-22 23:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 03:03 - 2014-02-22 23:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-13 03:03 - 2014-02-22 23:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 03:03 - 2014-02-22 22:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 03:03 - 2014-02-22 22:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 03:03 - 2014-02-22 22:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 03:03 - 2014-02-22 22:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 03:03 - 2014-02-22 22:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 03:03 - 2014-02-22 22:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 03:03 - 2014-02-22 22:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-13 03:03 - 2014-02-22 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 03:03 - 2014-02-22 22:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 03:03 - 2014-02-22 22:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 03:03 - 2014-02-22 22:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 03:03 - 2014-02-22 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 03:03 - 2014-02-22 22:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-13 03:03 - 2014-02-22 22:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 03:03 - 2014-02-22 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-13 03:03 - 2014-02-22 22:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 12:40 - 2014-03-12 12:53 - 00014122 _____ () C:\Users\dmiller\Documents\billing Villalpando lot 43 pge.xlsx
2014-03-12 03:06 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 03:05 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 03:05 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 03:05 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 03:05 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 03:05 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 17:13 - 2014-03-27 12:53 - 00014489 _____ () C:\Users\dmiller\Documents\Ocip Insurance.xlsx
2014-03-10 15:39 - 2014-03-11 09:34 - 00018053 _____ () C:\Users\dmiller\Documents\WC Audit 2014.xlsx
2014-03-06 17:20 - 2014-03-11 10:01 - 00000000 ____D () C:\Users\dmiller\Documents\Deposits-Refunds Tenant Chks HUD 2013 Audit
2014-03-06 14:03 - 2014-03-06 14:46 - 00000000 ____D () C:\Users\dmiller\Documents\Check Copy-Dep Slip Detail HUD 2013 Audit
2014-03-05 16:34 - 2014-03-05 16:34 - 00013964 _____ () C:\Users\dmiller\Documents\Crain Communications feb 2014 Billing.xlsx
2014-03-05 16:14 - 2014-03-05 16:14 - 00014153 _____ () C:\Users\dmiller\Documents\Coursera Feb 2014 Billing.xlsx
2014-03-05 15:49 - 2014-03-05 15:49 - 00014663 _____ () C:\Users\dmiller\Documents\Coursera jan 2014 Billing.xlsx
2014-03-05 10:25 - 2014-03-05 10:25 - 00160768 _____ () C:\Users\dmiller\Documents\Copy of castellanos 39-104.xls
2014-03-04 09:48 - 2014-03-05 10:13 - 00160768 _____ () C:\Users\dmiller\Documents\castellanos 39-104.xls

==================== One Month Modified Files and Folders =======

2014-04-01 15:30 - 2014-04-01 15:30 - 00020487 _____ () C:\Users\dmiller\Desktop\FRST.txt
2014-04-01 15:30 - 2014-04-01 15:29 - 00000000 ____D () C:\FRST
2014-04-01 15:29 - 2014-04-01 15:29 - 02157056 _____ (Farbar) C:\Users\dmiller\Desktop\FRST64.exe
2014-04-01 15:26 - 2014-04-01 15:20 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-04-01 15:23 - 2011-07-27 13:12 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2014-04-01 15:23 - 2009-07-13 21:45 - 00039664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 15:23 - 2009-07-13 21:45 - 00039664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 15:21 - 2013-05-17 16:07 - 01347609 _____ () C:\Windows\WindowsUpdate.log
2014-04-01 15:20 - 2014-04-01 15:20 - 00000000 ____D () C:\Users\dmiller\AppData\Local\LogMeIn
2014-04-01 15:20 - 2014-04-01 15:20 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-01 15:20 - 2014-04-01 14:58 - 00001024 _____ () C:\.rnd
2014-04-01 15:20 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 15:16 - 2014-04-01 09:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 15:16 - 2014-02-20 12:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2e72c3864a1b.job
2014-04-01 15:16 - 2013-05-31 12:19 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-04-01 15:16 - 2011-07-01 13:50 - 00000000 ____D () C:\ProgramData\Sonic
2014-04-01 15:16 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 15:15 - 2010-11-20 20:47 - 00290206 _____ () C:\Windows\PFRO.log
2014-04-01 15:15 - 2009-07-13 21:51 - 01943870 _____ () C:\Windows\setupact.log
2014-04-01 15:07 - 2014-02-20 12:34 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2e72c4e449b7.job
2014-04-01 15:01 - 2013-07-31 10:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-01 14:56 - 2014-04-01 14:55 - 25010176 _____ () C:\Users\dmiller\Downloads\LogMeIn.msi
2014-04-01 14:46 - 2014-04-01 14:45 - 00018583 _____ () C:\Users\dmiller\Desktop\dds.txt
2014-04-01 14:46 - 2014-04-01 14:45 - 00011883 _____ () C:\Users\dmiller\Desktop\attach.txt
2014-04-01 14:41 - 2014-04-01 14:41 - 00688992 ____R (Swearware) C:\Users\dmiller\Desktop\dds.com
2014-04-01 14:33 - 2011-07-21 12:31 - 00000000 ____D () C:\Users\dmiller\Documents\Outlook Files
2014-04-01 14:33 - 2011-07-20 20:26 - 503473152 _____ () C:\Users\dmiller\Desktop\Outlook.pst.pst
2014-04-01 10:59 - 2014-04-01 10:59 - 00000000 ____D () C:\Users\dmiller\Documents\TurboTax
2014-04-01 10:57 - 2011-10-04 16:11 - 00019423 _____ () C:\Users\dmiller\Documents\COMBINED UTILITIES.xlsx
2014-04-01 09:54 - 2012-04-30 09:16 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-04-01 09:50 - 2011-11-02 10:29 - 00000000 ____D () C:\Users\dmiller\AppData\Roaming\Amazon
2014-04-01 09:50 - 2011-11-02 10:29 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-04-01 09:44 - 2014-04-01 09:35 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-01 09:37 - 2014-04-01 09:35 - 10971424 _____ (SurfRight B.V.) C:\Users\dmiller\Desktop\HitmanPro_x64.exe
2014-04-01 09:34 - 2013-05-03 11:05 - 00003064 _____ () C:\Users\dmiller\Desktop\Rkill.txt
2014-04-01 09:33 - 2013-05-03 11:05 - 00000000 ____D () C:\Users\dmiller\Desktop\rkill
2014-04-01 09:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-01 09:21 - 2014-04-01 09:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-01 09:20 - 2014-03-15 11:03 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-04-01 09:19 - 2014-03-31 15:55 - 02111951 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-04-01 09:19 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-01 09:08 - 2013-05-03 11:08 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-01 09:08 - 2013-05-03 11:08 - 00000000 ____D () C:\Users\dmiller\AppData\Roaming\Malwarebytes
2014-04-01 09:08 - 2013-05-03 11:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 08:59 - 2014-04-01 09:33 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\dmiller\Desktop\rkill.com
2014-04-01 03:01 - 2013-11-20 04:01 - 00768481 _____ () C:\Windows\IE11_main.log
2014-03-31 15:55 - 2014-03-31 15:55 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-03-31 15:55 - 2014-03-31 15:55 - 00000000 _____ () C:\Windows\system32\Service.log
2014-03-31 14:41 - 2014-03-31 14:35 - 00012315 _____ () C:\Users\dmiller\Documents\Home depot breakdown 04-2014 PAYMENT.xlsx
2014-03-31 09:21 - 2014-03-31 09:21 - 00040960 _____ () C:\Users\dmiller\Documents\Timesheet 033114.xls
2014-03-28 09:42 - 2013-11-15 12:55 - 00146432 _____ () C:\Users\dmiller\Documents\Check Request-Yardi IMPACT FEES.xls
2014-03-27 12:53 - 2014-03-11 17:13 - 00014489 _____ () C:\Users\dmiller\Documents\Ocip Insurance.xlsx
2014-03-27 03:02 - 2014-02-20 12:34 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf2e72c4e449b7
2014-03-27 03:02 - 2014-02-20 12:34 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf2e72c3864a1b
2014-03-26 14:30 - 2014-03-25 11:56 - 00036352 _____ () C:\Users\dmiller\Documents\clearwire billing 1rst qtr 2014 DOC.xls
2014-03-25 15:07 - 2014-03-25 15:07 - 00035328 _____ () C:\Users\dmiller\Documents\clearwire march 2014 rent billing DOC.xls
2014-03-25 14:44 - 2011-08-11 16:11 - 00035840 _____ () C:\Users\dmiller\Documents\clearwire billing DOC.xls
2014-03-24 15:42 - 2014-03-24 15:42 - 00013385 _____ () C:\Users\dmiller\Documents\AT&T 020614-030914 Electrical.xlsx
2014-03-24 15:38 - 2014-03-24 15:38 - 00033792 _____ () C:\Users\dmiller\Documents\Clearwire 020614-030914 Electricity Billing.xls
2014-03-24 15:22 - 2014-03-24 15:22 - 00160768 _____ () C:\Users\dmiller\Documents\Copy of Haar 21-201 Pet Deposit.xls
2014-03-24 15:20 - 2014-03-24 15:20 - 00161280 _____ () C:\Users\dmiller\Documents\Copy of Haar 21-201 (2).xls
2014-03-20 16:09 - 2012-04-30 09:18 - 00000000 ____D () C:\Users\dmiller\AppData\Local\AVG Secure Search
2014-03-20 12:09 - 2014-03-20 12:09 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-20 12:09 - 2013-07-29 10:20 - 00000000 ____D () C:\Windows\SysWOW64\cache
2014-03-20 12:09 - 2012-04-30 09:18 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-03-20 12:08 - 2012-11-08 09:08 - 00049952 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-19 17:26 - 2012-06-29 11:24 - 00011095 _____ () C:\Users\dmiller\Documents\VECHICLES.xls.xlsx
2014-03-19 17:26 - 2011-07-20 19:34 - 00035328 _____ () C:\Users\dmiller\Documents\VECHICLES.xls
2014-03-19 11:53 - 2014-03-18 15:46 - 00161280 _____ () C:\Users\dmiller\Documents\Copy of escalante 39-107 (2).xls
2014-03-19 10:54 - 2012-06-06 13:32 - 00084480 _____ () C:\Users\dmiller\Documents\Check Request-Payroll Reimb 95.xls
2014-03-19 10:54 - 2012-06-06 13:28 - 00084480 _____ () C:\Users\dmiller\Documents\Check Request-Payroll Reimb 22.xls
2014-03-19 10:26 - 2012-12-05 12:39 - 00084480 _____ () C:\Users\dmiller\Documents\Check Request-Payroll Reimb 46.xls
2014-03-19 09:24 - 2013-10-08 12:09 - 00010332 _____ () C:\Users\dmiller\Documents\VACATION ACCRUAL.xlsx
2014-03-19 03:03 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:01 - 2013-05-17 17:55 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 15:58 - 2014-03-18 15:58 - 00161280 _____ () C:\Users\dmiller\Documents\Copy of Jimenez 87-101.xls
2014-03-18 15:58 - 2014-03-18 15:58 - 00013374 _____ () C:\Users\dmiller\Documents\AT&T 010714-020514 Electrical.xlsx
2014-03-18 15:57 - 2014-03-18 15:57 - 00161280 _____ () C:\Users\dmiller\Documents\Copy of Bock 51-202.xls
2014-03-18 14:46 - 2014-03-18 14:46 - 00033792 _____ () C:\Users\dmiller\Documents\Clearwire 010714-020514 Electricity Billing.xls
2014-03-17 13:45 - 2014-03-15 10:52 - 00161280 _____ () C:\Users\dmiller\Documents\Copy of Rogalsky 69-102.xls
2014-03-17 10:05 - 2014-03-15 13:14 - 00040960 _____ () C:\Users\dmiller\Documents\Timesheet 031514.xls
2014-03-15 13:14 - 2014-02-28 13:12 - 00040960 _____ () C:\Users\dmiller\Documents\Timesheet 022814.xls
2014-03-15 12:50 - 2013-09-27 12:51 - 00000000 ____D () C:\Users\dmiller\Documents\October 2013 Deposits
2014-03-15 11:03 - 2014-03-15 11:03 - 00004396 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-03-15 10:52 - 2014-03-15 10:52 - 00163840 _____ () C:\Users\dmiller\Documents\Copy of Brock 51-202.xls
2014-03-15 10:52 - 2014-03-15 10:52 - 00160768 _____ () C:\Users\dmiller\Documents\Copy of Lobos Amaya 09-105.xls
2014-03-15 10:51 - 2013-08-27 12:30 - 00000000 ____D () C:\Users\dmiller\AppData\Roaming\ShopAtHome
2014-03-15 09:44 - 2014-02-20 12:35 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-13 03:21 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:21 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 03:21 - 2009-07-13 21:45 - 00405232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:04 - 2011-07-20 20:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 12:53 - 2014-03-12 12:40 - 00014122 _____ () C:\Users\dmiller\Documents\billing Villalpando lot 43 pge.xlsx
2014-03-12 12:01 - 2013-07-31 10:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 12:01 - 2013-03-28 11:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 12:01 - 2011-07-29 16:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 10:01 - 2014-03-06 17:20 - 00000000 ____D () C:\Users\dmiller\Documents\Deposits-Refunds Tenant Chks HUD 2013 Audit
2014-03-11 09:34 - 2014-03-10 15:39 - 00018053 _____ () C:\Users\dmiller\Documents\WC Audit 2014.xlsx
2014-03-07 17:40 - 2011-07-20 19:34 - 00000000 ____D () C:\Users\dmiller\Documents\GL&HB AUDIT
2014-03-07 13:45 - 2014-02-06 14:23 - 00012201 _____ () C:\Users\dmiller\Documents\Home depot breakdown 02-2014 PAYMENT.xlsx
2014-03-06 16:57 - 2013-12-04 10:43 - 00000464 _____ () C:\Users\dmiller\Desktop\Bank of the West.website
2014-03-06 14:46 - 2014-03-06 14:03 - 00000000 ____D () C:\Users\dmiller\Documents\Check Copy-Dep Slip Detail HUD 2013 Audit
2014-03-06 14:30 - 2013-09-27 12:54 - 00000000 ____D () C:\Users\dmiller\Documents\November 2013 Deposits
2014-03-05 16:34 - 2014-03-05 16:34 - 00013964 _____ () C:\Users\dmiller\Documents\Crain Communications feb 2014 Billing.xlsx
2014-03-05 16:14 - 2014-03-05 16:14 - 00014153 _____ () C:\Users\dmiller\Documents\Coursera Feb 2014 Billing.xlsx
2014-03-05 15:49 - 2014-03-05 15:49 - 00014663 _____ () C:\Users\dmiller\Documents\Coursera jan 2014 Billing.xlsx
2014-03-05 10:25 - 2014-03-05 10:25 - 00160768 _____ () C:\Users\dmiller\Documents\Copy of castellanos 39-104.xls
2014-03-05 10:13 - 2014-03-04 09:48 - 00160768 _____ () C:\Users\dmiller\Documents\castellanos 39-104.xls
2014-03-05 09:26 - 2014-04-01 09:08 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-01 09:08 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2013-05-03 11:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\dmiller\AppData\Local\Temp\6_Offer_16.exe
C:\Users\dmiller\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite13179.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite14188.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite19308.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite22731.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite23444.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite26146.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite28550.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite29788.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite31513.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite33269.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite34781.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite35114.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite36052.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite36339.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite37204.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite40219.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite40828.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite43233.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite51833.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite51839.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite53028.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite53503.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite56210.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite60107.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite60205.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite61231.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite62811.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite68155.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite69591.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite70976.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite71705.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite73048.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite73773.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite75940.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite76733.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite77081.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite77235.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite79472.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite81586.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite82718.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite83428.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite84191.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite90214.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite95072.dll
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite97940.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 03:17

==================== End Of Log ============================

Attached Files



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:29 AM

Posted 01 April 2014 - 05:50 PM

Hello,

 

 

STEP 1

 

Click on Start > type in appwiz.cpl in the search box and press Enter
Find and uninstall the following programs from the list:

 

SavingsBull
SavingsbullFilter

 

 

STEP 2

 

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 

 

Regards,

Georgi


cXfZ4wS.png


#5 pamheld

pamheld
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 01 April 2014 - 06:04 PM

Hello -

 

The programs do not appear in the list of programs, so I am unable to uninstall:

 

SavingsBull
SavingsbullFilter



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:29 AM

Posted 01 April 2014 - 06:08 PM

Hello,

 

Sorry, my fault...ok...do this to unhide them and then try to uninstall them from the list:

 

Please download the following file =>  and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

When done proceed with STEP 2 from my previous post (the attached fixlist.txt there is different and you should download it as well).

 

 

 

Regards,

Georgi


cXfZ4wS.png


#7 pamheld

pamheld
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 01 April 2014 - 06:11 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by dmiller at 2014-04-01 16:10:42 Run:1
Running from C:\Users\dmiller\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
SavingsbullFilter (Version: 1.0.0.0 - SavingsBull Filter) Hidden <==== ATTENTION
end
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}\\SystemComponent => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{813BA625-B0FA-48D8-9B75-59759C88C219}\\SystemComponent => Value deleted successfully.

==== End of Fixlog ====



#8 pamheld

pamheld
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 01 April 2014 - 06:23 PM

Thanks - I was able to uninstall SavingsBull, but when I try to uninstall SavingsBullFilter I get the following (sorry, I don't know how to insert a graphic file, so I have attached them).Attached File  error2.jpg   51.55KB   0 downloadsAttached File  error1..jpg   62.27KB   0 downloads

 

 



#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:29 AM

Posted 01 April 2014 - 11:32 PM

Hello,

 

Try to uninstall it with the following tool - it should clean the WIndows Installer cache (the msi related entries) as well.

Then proceed with STEP 2. :)

 

 

Regards,

Georgi


cXfZ4wS.png


#10 pamheld

pamheld
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 02 April 2014 - 10:07 AM

Thanks - that was successful.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by dmiller at 2014-04-02 08:01:42 Run:2
Running from C:\Users\dmiller\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-2525335773-3161513007-335672579-1000\...\Run: [ivezxrz] - regsvr32.exe /s "C:\ProgramData\ivezxrz.dat"
C:\ProgramData\ivezxrz.dat
HKU\S-1-5-21-2525335773-3161513007-335672579-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2525335773-3161513007-335672579-1000\$232e74302446a19c8772883976a52136\n. ATTENTION! ====> ZeroAccess?
C:\$Recycle.Bin\S-1-5-21-2525335773-3161513007-335672579-1000\$232e74302446a19c8772883976a52136
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBBD11295-3E09-4210-98C1-34C1BA87D256&q={searchTerms}&SSPV=
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBBD11295-3E09-4210-98C1-34C1BA87D256&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBBD11295-3E09-4210-98C1-34C1BA87D256&q={searchTerms}&SSPV=
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AD5&o=APN10090&locale=en_US&apn_uid=2d9b21ea-c128-4fec-b56e-4651426febd3&apn_ptnrs=%5EA5G&apn_sauid=5F1CB1C6-DAE3-4B33-936E-D845BFF782E3&apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBBD11295-3E09-4210-98C1-34C1BA87D256&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBBD11295-3E09-4210-98C1-34C1BA87D256&q={searchTerms}&SSPV=
Task: {F29D6879-DF9E-4DC7-95EE-1FBA5326D00F} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
C:\Program Files (x86)\Browsersafeguard
cmd: Dir /s /a:l C:\*
C:\Users\dmiller\AppData\Local\Temp
end
*****************

HKU\S-1-5-21-2525335773-3161513007-335672579-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ivezxrz => Value deleted successfully.
"C:\ProgramData\ivezxrz.dat" => File/Directory not found.
HKU\S-1-5-21-2525335773-3161513007-335672579-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
"C:\$Recycle.Bin\S-1-5-21-2525335773-3161513007-335672579-1000\$232e74302446a19c8772883976a52136" => File/Directory not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBBD11295-3E09-4210-98C1-34C1BA87D256&SSPV= ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBBD11295-3E09-4210-98C1-34C1BA87D256&q={searchTerms}&SSPV= ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F29D6879-DF9E-4DC7-95EE-1FBA5326D00F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F29D6879-DF9E-4DC7-95EE-1FBA5326D00F} => Key deleted successfully.
C:\Windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.
"C:\Program Files (x86)\Browsersafeguard" => File/Directory not found.

=========  Dir /s /a:l C:\* =========

 Volume in drive C is OS
 Volume Serial Number is 48CC-3B8A

 Directory of C:\

07/13/2009  10:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes

 Directory of C:\ProgramData

07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users

07/13/2009  10:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes

 Directory of C:\Users\administrator

05/20/2013  01:42 PM    <JUNCTION>     Application Data [C:\Users\administrator\AppData\Roaming]
05/20/2013  01:42 PM    <JUNCTION>     Cookies [C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Cookies]
05/20/2013  01:42 PM    <JUNCTION>     Local Settings [C:\Users\administrator\AppData\Local]
05/20/2013  01:42 PM    <JUNCTION>     My Documents [C:\Users\administrator\Documents]
05/20/2013  01:42 PM    <JUNCTION>     NetHood [C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/20/2013  01:42 PM    <JUNCTION>     PrintHood [C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/20/2013  01:42 PM    <JUNCTION>     Recent [C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Recent]
05/20/2013  01:42 PM    <JUNCTION>     SendTo [C:\Users\administrator\AppData\Roaming\Microsoft\Windows\SendTo]
05/20/2013  01:42 PM    <JUNCTION>     Start Menu [C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
05/20/2013  01:42 PM    <JUNCTION>     Templates [C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\administrator\AppData\Local

05/20/2013  01:42 PM    <JUNCTION>     Application Data [C:\Users\administrator\AppData\Local]
05/20/2013  01:42 PM    <JUNCTION>     History [C:\Users\administrator\AppData\Local\Microsoft\Windows\History]
05/20/2013  01:42 PM    <JUNCTION>     Temporary Internet Files [C:\Users\administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Users\administrator\Documents

05/20/2013  01:42 PM    <JUNCTION>     My Music [C:\Users\administrator\Music]
05/20/2013  01:42 PM    <JUNCTION>     My Pictures [C:\Users\administrator\Pictures]
05/20/2013  01:42 PM    <JUNCTION>     My Videos [C:\Users\administrator\Videos]
               0 File(s)              0 bytes

 Directory of C:\Users\All Users

07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\Default

07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  10:08 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009  10:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  10:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  10:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  10:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  10:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  10:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\Default\AppData\Local

07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  10:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  10:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Users\Default\Documents

07/13/2009  10:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  10:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  10:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes

 Directory of C:\Users\dmiller

05/17/2013  03:42 PM    <JUNCTION>     Application Data [C:\Users\dmiller\AppData\Roaming]
05/17/2013  03:42 PM    <JUNCTION>     Cookies [C:\Users\dmiller\AppData\Roaming\Microsoft\Windows\Cookies]
05/17/2013  03:42 PM    <JUNCTION>     Local Settings [C:\Users\dmiller\AppData\Local]
05/17/2013  03:42 PM    <JUNCTION>     My Documents [C:\Users\dmiller\Documents]
05/17/2013  03:42 PM    <JUNCTION>     NetHood [C:\Users\dmiller\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/17/2013  03:42 PM    <JUNCTION>     PrintHood [C:\Users\dmiller\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/17/2013  03:42 PM    <JUNCTION>     Recent [C:\Users\dmiller\AppData\Roaming\Microsoft\Windows\Recent]
05/17/2013  03:42 PM    <JUNCTION>     SendTo [C:\Users\dmiller\AppData\Roaming\Microsoft\Windows\SendTo]
05/17/2013  03:42 PM    <JUNCTION>     Start Menu [C:\Users\dmiller\AppData\Roaming\Microsoft\Windows\Start Menu]
05/17/2013  03:42 PM    <JUNCTION>     Templates [C:\Users\dmiller\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\dmiller\AppData\Local

05/17/2013  03:42 PM    <JUNCTION>     Application Data [C:\Users\dmiller\AppData\Local]
05/17/2013  03:42 PM    <JUNCTION>     History [C:\Users\dmiller\AppData\Local\Microsoft\Windows\History]
05/17/2013  03:42 PM    <JUNCTION>     Temporary Internet Files [C:\Users\dmiller\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Users\dmiller\Documents

05/17/2013  03:42 PM    <JUNCTION>     My Music [C:\Users\dmiller\Music]
05/17/2013  03:42 PM    <JUNCTION>     My Pictures [C:\Users\dmiller\Pictures]
05/17/2013  03:42 PM    <JUNCTION>     My Videos [C:\Users\dmiller\Videos]
               0 File(s)              0 bytes

 Directory of C:\Users\pheldenbrand.CREEKBRIDGE.000

05/20/2013  01:56 PM    <JUNCTION>     Application Data [C:\Users\pheldenbrand.CREEKBRIDGE.000\AppData\Roaming]
05/20/2013  01:56 PM    <JUNCTION>     Cookies [C:\Users\pheldenbrand.CREEKBRIDGE.000\AppData\Roaming\Microsoft\Windows\Cookies]
05/20/2013  01:56 PM    <JUNCTION>     Local Settings [C:\Users\pheldenbrand.CREEKBRIDGE.000\AppData\Local]
05/20/2013  01:56 PM    <JUNCTION>     My Documents [C:\Users\pheldenbrand.CREEKBRIDGE.000\Documents]
05/20/2013  01:56 PM    <JUNCTION>     NetHood [C:\Users\pheldenbrand.CREEKBRIDGE.000\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/20/2013  01:56 PM    <JUNCTION>     PrintHood [C:\Users\pheldenbrand.CREEKBRIDGE.000\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/20/2013  01:56 PM    <JUNCTION>     Recent [C:\Users\pheldenbrand.CREEKBRIDGE.000\AppData\Roaming\Microsoft\Windows\Recent]
05/20/2013  01:56 PM    <JUNCTION>     SendTo [C:\Users\pheldenbrand.CREEKBRIDGE.000\AppData\Roaming\Microsoft\Windows\SendTo]
05/20/2013  01:56 PM    <JUNCTION>     Start Menu [C:\Users\pheldenbrand.CREEKBRIDGE.000\AppData\Roaming\Microsoft\Windows\Start Menu]
05/20/2013  01:56 PM    <JUNCTION>     Templates [C:\Users\pheldenbrand.CREEKBRIDGE.000\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\pheldenbrand.CREEKBRIDGE.000\AppData\Local

05/20/2013  01:56 PM    <JUNCTION>     Application Data [C:\Users\pheldenbrand.CREEKBRIDGE.000\AppData\Local]
05/20/2013  01:56 PM    <JUNCTION>     History [C:\Users\pheldenbrand.CREEKBRIDGE.000\AppData\Local\Microsoft\Windows\History]
05/20/2013  01:56 PM    <JUNCTION>     Temporary Internet Files [C:\Users\pheldenbrand.CREEKBRIDGE.000\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Users\pheldenbrand.CREEKBRIDGE.000\Documents

05/20/2013  01:56 PM    <JUNCTION>     My Music [C:\Users\pheldenbrand.CREEKBRIDGE.000\Music]
05/20/2013  01:56 PM    <JUNCTION>     My Pictures [C:\Users\pheldenbrand.CREEKBRIDGE.000\Pictures]
05/20/2013  01:56 PM    <JUNCTION>     My Videos [C:\Users\pheldenbrand.CREEKBRIDGE.000\Videos]
               0 File(s)              0 bytes

 Directory of C:\Users\Public\Documents

07/13/2009  10:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  10:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  10:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes

     Total Files Listed:
               0 File(s)              0 bytes
              82 Dir(s)  909,884,661,760 bytes free

========= End of CMD: =========


"C:\Users\dmiller\AppData\Local\Temp" directory move:

C:\Users\dmiller\AppData\Local\Temp\0ZG1XKN2.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\1A62.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\1CO660AH.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\25VXKS3T.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\2IRGOARS.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\2TXTU5GF.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\2XG4AJGG.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\33A97DA1-FC9F-454F-9926-ECFBEE4308FC.Diagnose.0.etl => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\3AL90073.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\3JX9HO1S.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\3VCYHABJ.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\45F86449-37C4-42AD-AECE-758DFC04814F.Diagnose.0.etl => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\4BDSGAUO.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\4OEZBZXP.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\5VEU1E7H.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\5WDYQAZ7.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\5XSFBCPP.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\6E95TSE9.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\6XAMSA35.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\6_Offer_16.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\76KME62W.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\7JVW4RHR.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\8CN1FE6P.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\8L7YHNQJ.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\8TNARC7V.htm => Moved successfully.
Could not move "C:\Users\dmiller\AppData\Local\Temp\AdobeARM.log" => Scheduled to move on reboot.
C:\Users\dmiller\AppData\Local\Temp\AdobeARM_NotLocked.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\AmazonCloudPlayerUninstaller-v2.4.0.26-140318-091826.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\ArmUI.ini => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\au-descriptor-1.7.0_51-b13.xml => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\AVG-Secure-Search-Update_JUNE2013_TB.ini => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\AVUVG0KV.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\AWPYMKOH.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\B04JYYU9.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\BCU2APXQ.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\bfc06528 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\bfc10088 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\bfc11520 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\bfc13652 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\bitrock_installer.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\bitrock_installer_5564.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\BQNTAEFO.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\C2CGI0J0.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\chrome_installer.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\ctxBB1C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1029.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR106B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR106E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR121.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR122B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR132D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR134A.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR13B5.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR13E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR13ED.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1409.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR14A3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1542.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1596.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR15D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR168E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR16A6.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR17DD.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1865.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR18BA.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1991.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1996.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1B6F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1BA.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1C9D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1CDB.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1D9D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1DEC.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1EAB.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1EFA.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1F14.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1F67.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR1FBF.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2091.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2130.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR21D3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR221B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR221E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2260.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2281.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR228C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR22C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2386.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR246D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR24C2.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR24CA.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2517.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR25F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2641.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2677.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2690.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR26C9.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR26D6.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR27B4.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2923.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2977.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2A05.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2A15.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2B11.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2B9D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2C2.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2C3E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2CCE.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2D53.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2D78.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2DEF.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2DF2.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2E1C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2E8C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR2EC3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR302F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR325.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR32B4.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR35D0.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR36F3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR370C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR3728.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR3770.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR37F7.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR3802.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR3892.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR38EF.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR39E5.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR3A8F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR3AF5.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR3C61.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR3DB8.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR3DC0.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR3EAA.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR3EBA.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR3FD1.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR3FF.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4112.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4168.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR41B6.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR41E5.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR435.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR43F8.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4441.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR44CC.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR44D3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR44E4.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR452E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4629.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4693.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR46C8.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR46D1.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4723.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR476A.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR47DF.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR485D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4983.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR49F7.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4A65.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4B4E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4B7B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4C06.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4C35.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4C4.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4CD9.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4D3D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4D60.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4E5F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4EC6.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4ED3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4F4D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR4F7.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR507A.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5101.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5169.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5282.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR53B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5412.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR54F9.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5518.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR551D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5554.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR56C2.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR58AA.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR58F7.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR59FE.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5A40.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5AA.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5AAB.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5BAE.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5BC2.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5BF2.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5BF3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5C65.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5C82.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5C86.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5D4B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5DD9.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5F56.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5FB6.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR5FF7.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR603F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR60E9.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR616A.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR622C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR628E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6306.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6363.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR64B4.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR64D9.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR65A5.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR665E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6665.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6677.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6810.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6817.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR68BC.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR698A.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR699.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR69B1.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR69E8.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6A35.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6A9D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6AD3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6B13.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6B85.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6B94.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6C1.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6C2C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6C7C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6D0.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6D79.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6DA2.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6E05.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6E0B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6ED8.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR6F74.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR704F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR70FF.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7183.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7183.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR72C2.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR732C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7342.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7371.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7397.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR73BD.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7445.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR746B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7481.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR74F8.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7515.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7571.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7648.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR766D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR769F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR780F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7823.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7847.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7873.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR797C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR79B2.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR79BC.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR79D7.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7A3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7A7.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7AA9.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7B20.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7C9B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7CF5.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7D0C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7E91.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR7FA9.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR802E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR81D0.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR82A8.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR8376.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR83AE.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR8536.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR85D1.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR8640.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR866D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR8744.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR8764.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR87FF.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR8933.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR89EE.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR8AA6.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR8BD4.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR8C2A.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR8D9B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR8DBE.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR8DFB.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9095.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR90EC.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9110.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9168.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR91E4.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR932A.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR934B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9390.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9460.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR94E9.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR952E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR954E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR95B0.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR95E8.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR96A8.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9951.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9959.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9A2D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9B0.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9B3A.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9BDF.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9C05.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9CFD.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9CFE.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9DF.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9ECD.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVR9FB0.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA014.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA1.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA115.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA156.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA17E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA1C7.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA1EC.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA256.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA27.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA2A8.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA344.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA596.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA597.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA59D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA5C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA6A3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA6B6.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA78E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA7F6.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA8A.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA96F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRA9D9.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRAA77.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRAAE7.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRAB1D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRAC0D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRAC9D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRACCD.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRACDD.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRACE2.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRAD1C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRAD43.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRAD85.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRAE73.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRAF08.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRAF51.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRAF82.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB0D8.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB25C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB273.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB298.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB2A0.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB395.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB3BB.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB3EA.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB498.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB589.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB6D5.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB745.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB77C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB7ED.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB7FE.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRB82D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRBA49.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRBAF5.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRBB04.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRBD5B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRBD6.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRBDBE.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRBDE2.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRBDF3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRBE24.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRBE8B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRBF9D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC0C5.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC0D3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC0D7.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC0ED.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC122.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC171.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC20E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC214.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC22E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC283.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC3F9.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC424.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC48B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC4F4.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC691.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC6EA.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC71.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC7F6.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRC95D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRCA12.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRCA57.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRCB97.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRCC32.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRCC51.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRCC77.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRCCD3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRCEC3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRCEF8.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRCF01.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRCF5F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD139.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD18C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD23E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD2A9.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD30D.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD316.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD395.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD42F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD43F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD4C9.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD501.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD590.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD680.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD6F4.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD71F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD75F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD78B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD7B4.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRD88.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDAB.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDAF0.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDB7C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDB9E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDBC0.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDC1B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDC4A.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDC55.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDC75.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDCA3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDCDA.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDD44.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDDE3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDE1E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDE21.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRDE86.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE008.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE029.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE02A.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE095.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE0DD.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE197.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE1A3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE28E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE35C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE402.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE455.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE4E3.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE510.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE55.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE5B4.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE65B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE6A2.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE6BB.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE760.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE81C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE82E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE9A2.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE9A6.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE9E1.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRE9EA.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVREA16.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVREA1B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVREA1F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVREA5E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVREA70.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVREB7E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVREBF5.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRED0C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVREDCB.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVREE9C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVREF3E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVREF4B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF0EF.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF1CE.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF245.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF312.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF36F.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF465.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF503.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF581.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF70B.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF743.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF78E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF7A.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF7DC.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF823.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF8D5.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF94C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRF99C.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRFA70.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRFB19.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRFB20.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRFB5E.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRFD20.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRFDD0.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRFDE2.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRFE76.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRFEC8.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRFF61.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRFFC7.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CVRFFD.tmp.cvr => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CXFWEZJN.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\D2F49296-B146-4B12-B22F-BA6259EB792D.Diagnose.0.etl => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat100E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat14D0.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat1FF7.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2008.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2009.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat200A.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat201A.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat201B.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat202C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat203D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat203E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat203F.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2040.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2050.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2051.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2052.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2063.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2064.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat239C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat239D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat23AD.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat23AE.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat23BF.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat23C0.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat23D0.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat23D1.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat23D2.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat23E3.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat23E4.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat23E5.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat23F6.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat23F7.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat23F8.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2408.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2579.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2AD0.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2D3C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2D8C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2D8D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2D9D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2D9E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2D9F.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2DB0.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2DC1.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2DC2.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2DC3.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2DD3.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2DD4.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2DD5.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2DE6.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2DE7.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2DE8.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2DF8.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2F24.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2F34.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2F35.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2F36.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2F47.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2F48.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2F58.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2F59.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2F6A.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2F7B.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2F7C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2F7D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat2F8D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat316E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat32A.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat350.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat3593.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat35A4.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat35B4.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat35B5.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat35B6.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat35C7.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat3635.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat3646.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat3647.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat3648.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat3649.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat3659.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat365A.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat365B.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat366C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat366D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat3819.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat382A.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat382B.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat383C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat383D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat383E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat384E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat385F.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat388F.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat3890.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat3891.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat3892.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat38A2.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat48E2.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat48F3.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6AE6.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6AF6.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6B07.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6B08.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6B95.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6B96.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6B97.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6BA8.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6BF7.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6C07.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6C08.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6C19.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6C1A.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6C2B.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6C3B.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6C3C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6C4D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6C4E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6C5E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat6C8E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat70DB.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat70EC.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat70ED.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat70EE.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat70EF.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat70FF.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat7110.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat7111.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat7112.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat7123.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat7124.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat7125.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat7135.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat7136.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat7137.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat7148.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat907C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat908D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat917F.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat9190.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat9E89.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dat9E8A.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA64B.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA64C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA65D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA65E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA6BC.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA6BD.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA6CE.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA6CF.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA6E0.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA6E1.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA6F1.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA702.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA703.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA713.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA714.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA725.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA726.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA737.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA738.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datA758.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAC7C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAC7D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAC8D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAC8E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datACED.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datACEE.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datACFE.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datACFF.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAD2F.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAD40.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAD41.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAD51.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAD52.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAD63.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAD64.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAD75.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAD76.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAD86.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAD87.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAD90.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datADB7.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAE6F.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAE80.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAE81.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAE82.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAE92.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAE93.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAEE2.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAEE3.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAEF4.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAEF5.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAEF6.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAF07.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAF08.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAF09.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAF19.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datAF1A.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datB94.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datBA5.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datE456.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datE467.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datE82B.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datED2.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datED3.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF283.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF293.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF39D.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF39E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF39F.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF3B0.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF3B1.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF3B2.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF47E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF48E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF48F.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF490.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF4A1.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF4A2.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF4A3.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF4B3.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF4B4.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF4B5.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF98.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datF99.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datFA9.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datFBA.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datFCB.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datFCC.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datFDC.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datFED.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datFF8A.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\datFFD.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\DBI06528 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\DBI10088 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\DBI11520 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\DBI13652 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\DDS.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dd_clwireg.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dd_NETFXRepair.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\DMID78.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\dmiller.bmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\DNZ352XO.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\DTF0KXW4.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\E7BF.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\E9C7DBB5.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\EE7FE2AB-DD77-4C53-8581-41AC3597A7C5.Diagnose.0.etl => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\emoticats.bmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\ESUVUMT2.htm => Moved successfully.
Could not move "C:\Users\dmiller\AppData\Local\Temp\etilqs_8c26vlIeQs1uiOF" => Scheduled to move on reboot.
Could not move "C:\Users\dmiller\AppData\Local\Temp\etilqs_dN4RbRyQsA1kFdN" => Scheduled to move on reboot.
C:\Users\dmiller\AppData\Local\Temp\EW5N0RP7.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\fla213C.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\flickr.bmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\FMJFODUZ.htm => Moved successfully.
Could not move "C:\Users\dmiller\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\dmiller\AppData\Local\Temp\G2A14C7.tmp.bat => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\G2A1D87.tmp.bat => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\G2A1E2A.tmp.bat => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\G2A215.tmp.bat => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\G2AA73C.tmp.bat => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\G2MCodec.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\G2MInstallerExtractor.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\H7K6HS9F.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\H7P4Z2V2.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\HKG9WGUQ.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\HWENCEHD.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\ichcop => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\IKLB9D9D.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\inet.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\instfile.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Intuit.Spc.Map.Features.WindowsFirewallLog.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\IXD3PTGJ.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\JIE26SI6.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\JO7R9WFQ.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\JWE90FPB.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\JZHH1ZEX.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\K099D6F7.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\KB2804576_20130517_175205808-Microsoft .NET Framework 4 Client Profile-MSP0.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\KB2804576_20130517_175205808.html => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\KDEZXMRV.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\KO867X2K.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\lbi06528 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\lbi10088 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\lbi11520 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\lbi13652 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\MOPIMQLN.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\MSI6d3c6.LOG => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\MSI926e5.LOG => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\MSIbc7c1.LOG => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\MY9T206R.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\NDLBMNDU.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\NE5DDO5P.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\nsd5C26.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\nsh36F2.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\nsn2676.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\nsn6E39.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\nst6A8A.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\nst881B.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\nsy2271.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\nsy674E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\nsy8B47.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\OCPBJLK6.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\ourworld.bmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\PFXTT6C5.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\QIM4AC2U.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\qtsingleapp-Amazon-25bb-1-lockfile => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\qtsingleapp-Amazon-bdab-1-lockfile => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RA7KPUVG.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\REKABEOC.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RemsDMILLER-PC-1-126-14464-dmiller.par => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RemsDMILLER-PC-1-126-14464-dmiller.pdf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RemsDMILLER-PC-1-126-14464-dmiller.rep => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RemsDMILLER-PC-1-126-7204-dmiller.par => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RemsDMILLER-PC-1-126-7204-dmiller.pdf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RemsDMILLER-PC-1-126-7204-dmiller.rep => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RemsDMILLER-PC-1-126-7972-dmiller.par => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RemsDMILLER-PC-1-126-7972-dmiller.pdf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RemsDMILLER-PC-1-126-7972-dmiller.rep => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RGPM16BQ.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RJ1CEB74.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RKMS6S08.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\RPR_Patch_Repair.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\SearchProtectINT.dat => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Setup Log 2014-03-15 #001.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Setup Log 2014-03-15 #002.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\srt06528 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\srt10088 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\srt11520 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\srt13652 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\STEUCZ9F.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\StructuredQuery.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\SWVDBB1.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite13179.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite14188.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite19308.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite22731.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite23444.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite26146.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite28550.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite29788.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite31513.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite33269.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite34781.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite35114.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite36052.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite36339.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite37204.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite40219.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite40828.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite43233.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite51833.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite51839.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite53028.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite53503.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite56210.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite60107.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite60205.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite61231.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite62811.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite68155.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite69591.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite70976.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite71705.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite73048.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite73773.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite75940.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite76733.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite77081.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite77235.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite79472.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite81586.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite82718.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite83428.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite84191.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite90214.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite95072.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\System.Data.SQLite97940.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TDXEB62C.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\thethread.bmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\toolbar_log.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\VGXA63E.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\VTD0VVLC.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\VU5INL5N.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\VUM8THQ3.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\W5HFG3VV.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\W877FX2Q.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\wbxtra_11082013_112431.wbt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\wbxtra_11082013_112433.wbt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\WEBYDAPZ.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\wmplog01.sqm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\wmplog02.sqm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\wmplog03.sqm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\wmplog04.sqm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\wmsetup.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\WX28K5JD.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\X6UL57SI.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\XSICFMOK.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\XXUG2KRL.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\XYCX944W.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\XYJCKLYG.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Y2QLS2DG.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Y5QEEKEM.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Y6HQ7N3B.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\YLWN1UOJ.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\ymsgr2 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\ymsgr3 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\ZB19TNZE.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DF1925F3D336C21CD2.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DF234872CD68FA7F02.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DF489BD4B94BAD0B54.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DF4F177595F0EE6DBB.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DF5FD3668B58D8CE70.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DF70DBCF9A2121C884.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DF759821706E00E2FB.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DF7A151A5054E50E6C.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DF8179DFE2EA56DF5E.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DF849BE4F1F8C69103.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DF8D1C4530563CBE88.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DF93CA0FCBEE7D12CA.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DFA07F7B4E7020D1BF.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DFB11441C57CD3ADBB.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DFB2DF0BC1A4A491EF.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DFB3F3969E2ACBB55C.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DFB51242481253BA5E.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DFC0F7CCC2BD6561A5.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DFC694B65745ABF6D3.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DFD38780FACE83B938.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DFDD05D089D1BAF7A8.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DFDD84977A14C1AAAF.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\~DFFA46470E17DBD603.TMP => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\_uninstall\_uninstall3040 => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Word8.0\MSForms.exd => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Word8.0\ShockwaveFlashObjects.exd => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\234x60_OT_3PicSwap_MaleSpringYahoo_15s_139804_0313[1].swf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\234x60_OT_3PicSwap_MaleWinter_15s_132092_0113[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\234x60_OT_3PicSwap_MaleWinter_15s_132092_0113[1].swf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\234x60_OT_HeartsBorder_MaleFaceBookAd_92128_1111[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\23b4b89b-28af-495c-aa42-ea871d50eca8[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\2a1c83c85c09df7d467dc60d06aa04c0[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\5415add8bb8e86ccbcc95e01b8a4d2c3[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\9e948b2c-a6f1-4270-bd5d-40a128a559cf[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\adchoice_1.4[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\adsbyguru-small-99f4de0[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\auto-178x90-v107[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\clientad_rotator_090324[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCA001E94.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCA1WJEIO.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCA296CB6.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCA2RO7JO.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCA3CN2SA.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCA6NSFMT.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCA8K36LE.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCACARF3V.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCAF6AI2E.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCAFZHXWM.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCAH3ENKJ.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCAIR9QRS.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCAJEQ6QY.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCAJL1AX6.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCAKHN4QQ.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCAMD6PIN.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCARKGFET.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCAUXYY44.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCAWNPQAU.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_adCAYAZD4E.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_ad[10].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_ad[11].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_ad[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_ad[2].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_ad[3].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_ad[4].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_ad[5].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_ad[6].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_ad[7].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_ad[8].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\client_ad[9].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\combo[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\desktop.ini => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\documentwrite[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\dot_20110607[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\email_invite[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\embed_20120321[1].css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\fetch[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\fetch[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\fetch[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\fetch[4].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\fetch[5].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\fetch[6].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\fetch[7].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\gaarf-tools[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\games-drawguess-64[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\games-pool-64[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\get-user-id[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\get-user-id[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\get-user-id[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\get-user-id[4].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\icons_20111014[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\imp[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\imp[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\imp[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\imp[4].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\imp[5].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\intro[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\loader-min[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\logo64x64[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\mainwindow[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\mat_boy_ChatOval_RedDotVegasBlink_WantBF_GEOpicsblulnk_138648_040213_yahoo_234x60[1].swf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\search[1] => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\smiley_grin[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\smiley_smile[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\transparent[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\upsell_sprite_201010091011[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\user-match[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\user-match[2].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\user-match[3].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\user-match[4].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\welcome[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\welcome_20110711[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S1TFD1PM\yahoo_iconLink_234x60[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\234x60_OT_3PicSwap_MaleSpringYahoo_15s_139804_0313[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\234x60_OT_3PicSwap_MaleWinter_15s_132092_0113[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\234x60_OT_3PicSwap_MaleWinter_15s_132092_0113[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\234x60_OT_3PicSwap_MaleWinter_15s_132092_0113[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\234x60_OT_HeartsBorder_MaleFaceBookAd_92128_1111[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\234x60_OT_HeartsBorder_MaleFaceBookAd_92128_1111[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\40cda2e9-8c31-49f2-872d-5ed017ed13aa[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\91d5b00b-cbda-483d-a023-c1b5e67933b4[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\a1572c0613295b24ab858d661966cff7[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\adchoice_1[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\auto-anime-new-ba20398[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\a[1] => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\bc_2.0.5[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\bouncing-balls-64x64[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\check_sign[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_adCA1UXBUH.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_adCA3XCMW6.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_adCA4U3F2H.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_adCA5C2VSU.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_adCAA4HFQG.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_adCAAW148Y.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_adCACTI4K5.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_adCAHZ92UD.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_adCAMMMY5E.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_adCARAK1FX.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_adCATJDCYO.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_adCAXYLEI5.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_adCAYPZA91.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_ad[10].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_ad[11].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_ad[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_ad[2].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_ad[3].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_ad[4].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_ad[5].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_ad[6].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_ad[7].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_ad[8].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\client_ad[9].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\clk[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\combo[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\conn[2].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\desktop.ini => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\e817f3afab637d4e286c2869e9baca3c[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\eolas[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\fetch[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\fetch[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\fetch[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\fetch[4].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\fetch[5].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\fourplay64[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\gallery-64x64[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\get-user-id[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\get-user-id[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\get-user-id[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\get-user-id[4].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\get-user-id[5].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\grf-trueswitch-embed-20090116[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\grn_btn_3[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\icon_info[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\imp-toggle[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\imp[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\imp[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\imp[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\imp[4].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\imp[5].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\imp[6].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\imp[7].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\imp[8].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\indeterminate_progress[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\intro_20120321[1].css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\loader-min[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\love_bytz@hotmail[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\Love_bytz@hotmail[2].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\main[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\reset-fonts-grids[1].css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\search_contacts[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\spinner-24x24-anim[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\ssav2[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\tagextensions_base[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\tagextensions_base[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\user-match[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\user-match[2].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\vitality[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\yahoo-dom-event[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N0F5CL78\ylc_1.9[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\108[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\113[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\133e11bc-626e-4969-97f2-e46900bf6cc1[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\234x60_15sc[1].swf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\234x60_OT_3PicSwap_MaleSpringYahoo_15s_139804_0313[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\234x60_OT_3PicSwap_MaleSpringYahoo_15s_139804_0313[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\234x60_OT_3PicSwap_MaleWinter_15s_132092_0113[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\234x60_OT_HeartsBorder_MaleFaceBookAd_92128_1111[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\31e38ee7-2346-4ed1-a663-310a1fc757f8[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\64x64_Icon[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\73edade4-2703-48b0-8350-a88897d6f084[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\8f010aae-601c-4449-8bf6-14de3868e85e[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\adchoice_1[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\adchoice_1[2].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\bc_2.0.5[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\checkbox_off[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_adCA4A19WD.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_adCA4EO4DU.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_adCA5RB5BA.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_adCA78S9L1.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_adCAB4C1JD.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_adCABLEPFU.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_adCAMO4V2N.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_adCANWJ7S6.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_adCAON6MSC.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_adCATQNDWA.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_adCAUFWIZ2.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_adCAW44H4M.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_adCAYQH7U1.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_ad[10].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_ad[11].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_ad[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_ad[2].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_ad[3].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_ad[4].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_ad[5].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_ad[6].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_ad[7].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_ad[8].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\client_ad[9].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\clk[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\combo[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\combo[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\combo[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\danimill2001;[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\desktop.ini => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\eolas[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\f57c14f867f49f6f083fea3cdc02b52e[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\fetch[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\fetch[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\fetch[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\fetch[4].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\fetch[5].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\get-user-id[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\get-user-id[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\get-user-id[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\icons[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\imp[10].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\imp[11].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\imp[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\imp[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\imp[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\imp[4].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\imp[5].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\imp[6].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\imp[7].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\imp[8].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\imp[9].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\index[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\login_pane_bg_top[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\logo[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\mahjongg-64x64[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\mat_boy_cornerheart_na_CWblulnk_genradio_na_150125_072213_yahoo_234x60[1].swf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\mat_boy_flash_fadeVegas_vsGEOblulnk_na_vpblubtn_99156_022812_yahoo_234x60[1].swf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\notification[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\p28_1[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\plugin_28x28_y[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\profile_16b[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\rtbs-match[1].txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\slideview[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\title_bar_bg[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\upsell_201011291603[1].css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\upsell_conn_201010291509[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\user-match[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\user-match[2].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\user-match[3].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\D8UV812W\util[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\234x60_OT_3PicSwap_MaleSpringYahoo_15s_139804_0313[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\234x60_OT_3PicSwap_MaleWinter_15s_132092_0113[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\234x60_OT_3PicSwap_MaleWinter_15s_132092_0113[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\234x60_OT_HeartsBorder_MaleFaceBookAd_92128_1111[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\234x60_OT_HeartsBorder_MaleFaceBookAd_92128_1111[1].swf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\234x60_OT_HeartsBorder_MaleFaceBookAd_92128_1111[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\6226fa5b-e401-4a52-abe1-3e57a07add2b[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\64x64[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\83153865-5a8f-4710-ab8b-634a16425a84[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\add_to_list[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\antenna2[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\askwinbox[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\b96e1fce-2790-4349-b4cb-3fba63c6c3fc[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\checkbox_on[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCA27IQMB.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCA2YFA2W.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCA80F1E9.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCA8MKAVF.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCA970N3N.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCA9YJD54.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCAC202QG.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCAEG8RGQ.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCAGBS36U.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCAH3V8PN.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCAHO1KK6.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCAHVGA56.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCAKY0ZKW.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCALP8215.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCAOR20TB.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCARJT5GQ.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCAV2DW2T.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_adCAWVHBV4.htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_ad[10].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_ad[11].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_ad[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_ad[2].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_ad[3].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_ad[4].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_ad[5].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_ad[6].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_ad[7].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_ad[8].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\client_ad[9].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\clk[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\combo[1].css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\combo[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\combo[2].css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\desktop.ini => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\embed[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\f318ef96-f9e8-4d18-9559-0881bd3ab12c[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\fetch[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\fetch[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\fetch[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\fetch[4].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\get-user-id[10].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\get-user-id[11].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\get-user-id[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\get-user-id[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\get-user-id[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\get-user-id[4].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\get-user-id[5].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\get-user-id[6].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\get-user-id[7].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\get-user-id[8].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\get-user-id[9].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\grf-yui251-uitools-msg-20080418[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\hlp12_1[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\imp[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\imp[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\imp[3].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\imp[4].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\mainwindow[1].css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\mat_boy_BlueChatBubble_RedSqrBlinkVegas_HiWantBF_na_GEOpicsblulnk_160357_111913_yahoo_234x60[1].swf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\mat_boy_FBChat_NewUser6env_CWgenGeoblulnk_genradio_na_120452_100312_yahoo_234x60[1].swf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\mat_boy_flash_fadeSthemoment_vsGEOblulnk_na_vpblubtn_158538_102513_yahoo_234x60[1].swf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\mat_boy_flash_fadeSthemoment_vsGEOblulnk_na_vpblubtn_158538_102513_yahoo_234x60[2].swf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\mat_boy_webcams_GrnSqrRedbarplayArw_Chatwithblulnk_genderradio_na_150123_072213_yahoo_234x60[1].swf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\slideview[1].css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\smiley_good[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\snowboard-challenge_64x64[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\spinner-32x32-anim[1].gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\user-match[1].htm => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\WT_Yahoo_squarebox_64x64[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\Yahoo_ST_20121106_64x64[1].jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\yel_btn_1[1].png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\yui-min[1].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3HJGP8TH\yui-min[2].js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temp1_ycheck_600822034.zip\yCheck\ADVMICR.TTF => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temp1_ycheck_600822034.zip\yCheck\capicom.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temp1_ycheck_600822034.zip\yCheck\COMDLG32.OCX => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temp1_ycheck_600822034.zip\yCheck\RegYChk.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temp1_ycheck_600822034.zip\yCheck\SETUP.LST => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temp1_ycheck_600822034.zip\yCheck\vbuzip10.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temp1_ycheck_600822034.zip\yCheck\vbzip10.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temp1_ycheck_600822034.zip\yCheck\yCheck.CAB => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temp1_ycheck_600822034.zip\yCheck\yCheck.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Temp1_ycheck_600822034.zip\yCheck\ysiCryptEx.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCDF8AF.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCDF76A.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCDF0B7.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCDE9F4.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCDB90A.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCDB570.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCDB548.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCDA556.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCDA130.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCD9F92.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCD953D.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCD7D5D.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCD5350.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCD4D0C.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCD49E1.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCD458.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCD2378.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCD1B31.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\TCD1540.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\blank.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\bluedot.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\bullet1.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\bullet2.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\bullet3.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\color0.css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\color1.css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\dot.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\graph0.css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\graph1.css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumbanna.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumbannd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumbul1a.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumbul1d.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumbul2a.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumbul2d.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumbul3a.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumbul3d.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumglob.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumhbuda.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumhbudd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumhbuha.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumhbusa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumhbusd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumhombd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumhomda.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumhomha.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumhomsa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumhorsa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumhorsd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumnexbd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumnexda.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumnexha.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumnexsa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumprebd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumpreda.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumpreha.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumpresa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumtextb.jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumupbd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumupda.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumupha.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumupsa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumvbuda.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumvbudd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumvbuha.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumvbusa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\sumvbusd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\theme.css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.1\toolgrad.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\blank.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\bluedot.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\bullet1.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\bullet2.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\bullet3.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\color0.css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\color1.css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\dot.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\graph0.css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\graph1.css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumbanna.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumbannd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumbul1a.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumbul1d.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumbul2a.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumbul2d.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumbul3a.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumbul3d.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumglob.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumhbuda.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumhbudd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumhbuha.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumhbusa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumhbusd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumhombd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumhomda.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumhomha.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumhomsa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumhorsa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumhorsd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumnexbd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumnexda.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumnexha.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumnexsa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumprebd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumpreda.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumpreha.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumpresa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumtextb.jpg => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumupbd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumupda.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumupha.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumupsa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumvbuda.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumvbudd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumvbuha.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumvbusa.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\sumvbusd.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\theme.css => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\sumipntg.0\toolgrad.gif => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\1A62.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\DECODED_IMAGES => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\DECODED_MESSAGE_CATALOGS => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\icon_128.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\icon_16.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\main.html => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\main.js => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\manifest.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\zh_TW\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\zh_CN\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\vi\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\uk\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\tr\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\th\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\sv\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\sr\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\sl\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\sk\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\ru\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\ro\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\pt_PT\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\pt_BR\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\pl\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\no\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\nl\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\ms\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\lv\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\lt\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\ko\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\ja\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\it\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\id\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\hu\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\hi\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\he\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\fr\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\fil\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\fi\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\et\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\es_419\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\es\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\en_US\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\en_GB\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\el\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\de\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\da\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\cs\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\ca\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\bg\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\scoped_dir_14516_7674\CRX_INSTALL\_locales\ar\messages.json => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\MATS-Temp\Results\Program Install and Uninstall troubleshooter_result.cab => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\is-28DEB.tmp\InstallerExtensions.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\is-28DEB.tmp\license.en.rtf => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\is-28DEB.tmp\notcertified.bmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\is-28DEB.tmp\printer.bmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\is-28DEB.tmp\SpeedUpMyPC-standalone-setup.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\is-28DEB.tmp\_isetup\_setup64.tmp => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\is-28DEB.tmp\_isetup\_shfoldr.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\History\History.IE5\index.dat => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\History\History.IE5\MSHist012013062020130621\index.dat => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Excel8.0\MSForms.exd => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\103INPFU.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\1TG77ODD.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\2ZJAZZP5.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\50IH16PN.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\6C0LE4PS.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\7E12SHV9.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\F26C96SR.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\H4JSH3SG.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\index.dat => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\LAZEVBJF.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\OBC00FSD.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\S1D1EI1J.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\SDCXNTFX.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\UVD0Z3CG.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\VSZKF0Q4.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\XGE2F7KG.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\YIPKOYNJ.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Cookies\ZAF1136C.txt => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\G2AInstX.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\G2MInst.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\G2MInstX.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\queue.xml => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\gotomeeting\1082\G2MOutlookAddin_util.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\gotomeeting\1082\logB043.tmp\G2MStart.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\gotomeeting\1082\logB043.tmp\GoToMeeting_00.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\gotomeeting\1009\G2MOutlookAddin_util.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\gotomeeting\1009\log2BF8.tmp\G2MStart.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\gotomeeting\1009\log2BF8.tmp\GoToMeeting_00.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\logF069.tmp\G2AInst.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\logF069.tmp\G2AInstX.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\logF069.tmp\g2aservice-start_session_00.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\logF069.tmp\GoToAssist_00.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\logA74.tmp\G2AInst.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\logA74.tmp\G2AInstX.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\logA74.tmp\g2aservice-start_session_00.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\logA74.tmp\GoToAssist_00.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\log7592.tmp\G2AInst.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\log7592.tmp\G2AInstX.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\log7592.tmp\g2aservice-start_session_00.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\log7592.tmp\GoToAssist_00.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\log202.tmp\G2AInst.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\log202.tmp\G2AInstX.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\log202.tmp\g2aservice-start_session_00.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\log202.tmp\g2aservice-start_session_01.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\log202.tmp\GoToAssist_00.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\CitrixLogs\GoToAssist\896\log202.tmp\GoToAssist_01.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\g2achat.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\g2acombinedcustomerchat2way.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\g2acomm.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\g2afiletransfer.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\g2ahost.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\g2ahostnoui.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\G2AInstaller.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\G2AInstaller_Admin.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\g2alaunchercustomer.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\G2AProcessFactory.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\g2aremotediagnostics.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\G2AResource.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\g2aservice.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\g2asessioncontrol.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\g2auicustomer.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\G2AUninstaller.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\g2aview.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\G2AWinLogon_x64.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\G2A_Admin_UI.exe => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\RootCert.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\ScreenCaptureWin8Dll.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\Citrix\GoToAssist\896\g2a223.tmp\uninshlp.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\APNLogs\iw.log => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\file-16px.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\folder-16px.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\leftImage.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\logoImage.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\msgbox-error.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\msgbox-info.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\msgbox-question.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\msgbox-warning.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\open_project-16px.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\open_project-16px_disabled.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\open_project-16px_selected.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\splashImage.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\updir.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\wmImage.png => Moved successfully.
C:\Users\dmiller\AppData\Local\Temp\.bitrock\.tmp_4092_4678409\x01image_small.png => Moved successfully.
Could not move "C:\Users\dmiller\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-02 08:05:07)<=

C:\Users\dmiller\AppData\Local\Temp\AdobeARM.log => Is moved successfully.
C:\Users\dmiller\AppData\Local\Temp\etilqs_8c26vlIeQs1uiOF => Is moved successfully.
C:\Users\dmiller\AppData\Local\Temp\etilqs_dN4RbRyQsA1kFdN => Is moved successfully.
C:\Users\dmiller\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\dmiller\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====



#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:29 AM

Posted 02 April 2014 - 01:02 PM

Hello,

 

Nice work! We managed to clean the infection. I guess that dllhost processes are no longer an issues? :)

 

Also if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

The most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard and the speed of your computer).

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
     
  • Put a checkmark beside loaded modules.
    Sbf88.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
     
  • Click the Start Scan button.
     
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 6

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi


cXfZ4wS.png


#12 pamheld

pamheld
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 02 April 2014 - 02:53 PM

I am performing the steps now.  Do I need to create an account at pastebin.com?  Can't I just copy and paste in my reply, as I have been doing?



#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:29 AM

Posted 02 April 2014 - 02:58 PM

Hello,

 

No, it's not needed to create an account at pastebin.com. :)

Also you can use pastebin.com only for very long log files (like the one created by TDSSKiller for example)...feel free to post the other logs in your next reply in this topic. :)

 

 

Regards,

Georgi


cXfZ4wS.png


#14 pamheld

pamheld
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 02 April 2014 - 03:40 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/02/2014 12:34:21 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/02/2014 12:35:01 PM
Execution time: 0 hours(s), 0 minute(s), and 40 seconds(s)
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dmiller [Admin rights]
Mode : Scan -- Date : 04/02/2014 12:40:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] PCShowServerPMWrapper.exe -- C:\Users\dmiller\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [7] -> KILLED [TermProc]
[SUSP PATH] NDSPCShowServer.exe -- C:\Users\dmiller\AppData\Local\DIRECTV Player\NDSPCShowServer.exe [7] -> KILLED [TermThr]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Users\dmiller\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [7]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : Kernel and Hardware Abstraction Layer (KHALMNPR.EXE [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2525335773-3161513007-335672579-1000\[...]\Run : PCShowServer ("C:\Users\dmiller\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [7]) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{6E3344BF-7F5B-4E85-8FE5-76103455A977}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{6E3344BF-7F5B-4E85-8FE5-76103455A977}.exe - --uninstall=1 [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 1 ¤¤¤
[CHR][PUP] Default : AVG Security Toolbar

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (DllCanUnloadNow) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774E8F34)
[Address] EAT @explorer.exe (DllGetClassObject) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774E8FF0)
[Address] EAT @explorer.exe (FastMimeGetFileExtension) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774CB720)
[Address] EAT @explorer.exe (FastMimeGetIsMimeFilterEnabled) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774C5B20)
[Address] EAT @explorer.exe (FastMimeLookupKnownType) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774C5A68)
[Address] EAT @explorer.exe (FastMimeSetIsMimeFilterEnabled) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774C5FD8)
[Address] EAT @explorer.exe (IEGetFrameUtilExports) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774E8DD0)
[Address] EAT @explorer.exe (IEGetProcessModule) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774E8DB0)
[Address] EAT @explorer.exe (IEGetTabWindowExports) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774E8DC0)
[Address] EAT @explorer.exe (IERT_DelayLoadFailureHook) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774E91B0)
[Address] EAT @explorer.exe (ImpersonateUser) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774F0C98)
[Address] EAT @explorer.exe (LCIECalculatePackedStringSize) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774DB5A4)
[Address] EAT @explorer.exe (LCIEPackString) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774DB684)
[Address] EAT @explorer.exe (LCIEUnpackString) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774DB520)
[Address] EAT @explorer.exe (ResetIEExtensibility) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774F1CF0)
[Address] EAT @explorer.exe (ResetIERegistrySettings) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774F1AE0)
[Address] EAT @explorer.exe (RevertImpersonate) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x774F0D18)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EALX-759BA1 ATA Device +++++
--- User ---
[MBR] 22e2d9699a8947266075a15a51cbcb03
[BSP] 6d5210babbe57b8602dcdca986903d38 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 14142 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29044736 | Size: 939686 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_04022014_124018.txt >>

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/2/2014
Scan Time: 1:05:40 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.02.08
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: dmiller

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360258
Time Elapsed: 7 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG Anti-Virus Business Edition 2012   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 24  
 Java version out of Date!
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe
 AVG avgtray.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : DMILLER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : dmiller-PC\dmiller
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-04-02 13:13:59
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 28s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 69

   Objects scanned . . . : 1,663,518
   Files scanned . . . . : 34,685
   Remnants scanned  . . : 390,432 files / 1,238,401 keys

Potential Unwanted Programs _________________________________________________

   C:\ProgramData\APN\ (AskBar)
   C:\ProgramData\APN\APN-Stub\W3IV6-G\ (AskBar)
   C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z (AskBar)
   C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll (AskBar)
      Size . . . . . . . : 162,440 bytes
      Age  . . . . . . . : 394.5 days (2013-03-04 00:02:44)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : D7D9E015635E6ED44F8EAFC28C6CDBF92079A9A30EF55FD8C729653965E60403
      Product  . . . . . : Stub Installer
      Publisher  . . . . : Ask Partner Network
      Description  . . . : APN Install Checker
      Version  . . . . . : 6.6.0.13
      Copyright  . . . . : Copyright © 2011 Ask Partner Network.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\ProgramData\APN\APN-Stub\W3IV6-G\Setup.ini (AskBar)
   homepage
   C:\Users\dmiller\AppData\Local\Google\Chrome\User Data\Default\Preferences

   session/startup_urls[0]
   C:\Users\dmiller\AppData\Local\Google\Chrome\User Data\Default\Preferences

   conduit.search
   C:\Users\dmiller\AppData\Local\Google\Chrome\User Data\Default\Web Data

   C:\Users\pheldenbrand.CREEKBRIDGE\AppData\LocalLow\AskToolbar\ (AskBar)
   C:\Users\pheldenbrand.CREEKBRIDGE\AppData\LocalLow\AskToolbar\APNU\ (AskBar)
   C:\Users\pheldenbrand.CREEKBRIDGE\AppData\LocalLow\AskToolbar\APNU\config.xml (AskBar)
   C:\Users\pheldenbrand\AppData\LocalLow\AskToolbar\ (AskBar)
   C:\Users\pheldenbrand\AppData\LocalLow\AskToolbar\APNU\ (AskBar)
   C:\Users\pheldenbrand\AppData\LocalLow\AskToolbar\APNU\config.xml (AskBar)
   C:\Users\pheldenbrand\AppData\LocalLow\AskToolbar\cache.dat (AskBar)
   C:\Users\pheldenbrand\AppData\LocalLow\AskToolbar\config.xml (AskBar)
   C:\Users\pheldenbrand\AppData\LocalLow\AskToolbar\osearch.xml (AskBar)
   HKLM\SOFTWARE\Classes\s\ (Softonic)
   HKLM\SOFTWARE\Classes\speedupmypc\ (SpeedUpMyPC)
   HKU\S-1-5-21-2525335773-3161513007-335672579-1000\Software\APN PIP\ (AskBar)

Cookies _____________________________________________________________________

   C:\Users\dmiller\AppData\Roaming\Microsoft\Windows\Cookies\12GYAYMT.txt
   C:\Users\dmiller\AppData\Roaming\Microsoft\Windows\Cookies\O8AK1W8J.txt
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:2o7.net
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ad.360yield.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ad.e-kolay.net
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ad.yabuka.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ads.al.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ads.bleepingcomputer.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ads.cleveland.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ads.intergi.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ads.masslive.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ads.mlive.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ads.nj.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ads.nola.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ads.oregonlive.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ads.pennlive.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ads.pointroll.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ads.syracuse.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ads.undertone.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:adserver.adtechus.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:advertising.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:at.atwola.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:atdmt.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:burstnet.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:c1.atdmt.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:casalemedia.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:collective-media.net
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:dmtracker.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:doubleclick.net
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:earthlink.122.2o7.net
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:interclick.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:invitemedia.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:kontera.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:media6degrees.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:microsoftsto.112.2o7.net
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:network.realmedia.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:questionmarket.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:realmedia.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:revsci.net
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ru4.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:serving-sys.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:smartadserver.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:specificclick.net
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:statcounter.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:track.prd.inpwrd.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:ww251.smartadserver.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:www.googleadservices.com
   C:\Users\dmiller\AppData\Roaming\Mozilla\Firefox\Profiles\rws94910.default\cookies.sqlite:zedo.com





 

 

 



#15 pamheld

pamheld
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 02 April 2014 - 03:46 PM

postbin.com created at text file which was 345 KB.  I tried to attach but was told it was too large.  Your thoughts?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users