
Multiple dllhost.exe*32 COM Surrogates help needed please.


  • This topic is locked
12 replies to this topic

#1 Friar K


Posted 14 February 2015 - 10:13 AM

I have read your preparation guide for malware removal. Thank you in advance for your efforts and expertise.

 

I use Windows 7, 64-bit. My security is Norton Security. I contracted this virus around 2/8/2015. In the Task Manager processes, there are multiple (8-10) dllhost.exe*32 processes running. The Task Manager applications tab suggests that there are as many instances of IE running although there are not. In IE11, the history suggests that I have visited many sites I have not visited. These unvisited sites seem to accumulate the longer I leave the computer on. Most of them are kids' sites and I wonder if my kids have messed with my computer and downloaded something malicious. I delete my IE history on closure, so the reappearance of so many current but false sites in the history suggests that this virus is quite active. It only loads if internet access is enabled. If I disable my internet connection and reboot, it doesn't load.

 

Below, I have copied and pasted the FRST.txt file and attached the addition.txt file as instructed.

 

Attached File  Addition.txt   48.04KB   0 downloads

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015

Ran by karulus (administrator) on MAINGEAR on 14-02-2015 09:48:52

Running from C:\Users\karulus\Desktop

Loaded Profiles: karulus (Available profiles: karulus)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Aventail Corporation) C:\Windows\System32\ngvpnmgr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Efficient Software) C:\Program Files (x86)\Efficient Notes Free\EfficientNotesFree.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe

(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe

(Microsoft Corporation) C:\Windows\System32\SystemPropertiesAdvanced.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543912 2011-11-08] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-03] (Realtek Semiconductor)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2012-10-10] ()

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)

HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)

HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)

HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2014-01-06] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)

HKLM-x32\...\Run: [EfficientNotesFree] => [X]

HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)

HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-942149292-542124979-3616454306-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)

HKU\S-1-5-21-942149292-542124979-3616454306-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-942149292-542124979-3616454306-1001\...\MountPoints2: {cdbf27e5-6ef1-11e1-bda0-806e6f6e6963} - F:\FalloutLauncher.exe

Startup: C:\Users\karulus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\karulus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-942149292-542124979-3616454306-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

HKU\S-1-5-21-942149292-542124979-3616454306-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKU\S-1-5-21-942149292-542124979-3616454306-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://athenanet.athenahealth.com/1/4/login.esp

https://cronometer.com/#diary

SearchScopes: HKU\S-1-5-21-942149292-542124979-3616454306-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

DPF: HKLM-x32 {3330F262-2C25-44C5-9D0E-CD11E45B06F3} https://crhsswcswr01.columbusregional.com/cabs/swr.cab

DPF: HKLM-x32 {832B4EED-7115-41CB-9A87-993F5C1545E4} https://athenanet.athenahealth.com/static_20131015/LibCheck.CAB

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:

========

FF ProfilePath: C:\Users\karulus\AppData\Roaming\Mozilla\Firefox\Profiles\ck76rd1n.default

FF Homepage: https://translate.google.com/?hl=en#es/en/risillas|hxxp://www.forvo.com/|hxxp://www.verbix.com/languages/arabic.shtml|hxxp://www.spanishdict.com/translate/seg%C3%BAn|hxxp://lema.rae.es/drae/?val=risillas|hxxp://www.larousse.com/en/dictionaries/french-english/godiche/37348|hxxp://www.cnrtl.fr/definition/emballement|hxxp://www.almaany.com/home.php?language=english&lang_name=Arabic&word=%D8%B9%D8%B1%D9%8A%D8%A7%D9%86|hxxp://www.wordreference.com/aren/%D8%B9%D9%8A%D8%B1%D8%A7%D9%86|hxxp://en.glosbe.com/ar/en/%D9%88%D9%84%D8%AF|hxxp://www.dicts.info/ud.php?l1=arabic&l2=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-942149292-542124979-3616454306-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-02-14]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-30]

Chrome:

=======

CHR StartupUrls: Default -> "https://courses.edx.org/accounts/login?next=/dashboard", "https://www.coursera.org/", "hxxp://www.italki.com/user/1423386", "https://expertconsult.inkling.com/read/wein-campbellwalsh-urology-10th/chapter-18/the-cell-cycle#9be49cc0c5a5478baa10f90db9c55f68", "https://www.auanet.org/login/?refer=/education/ju.cfm?", "https://play.spotify.com/discover"

CHR Profile: C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]

CHR Extension: (Norton Security Toolbar) - C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-03-25]

CHR Extension: (Google Wallet) - C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-06] (DTS, Inc)

S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)

S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]

S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)

R2 NgVpnMgr; C:\windows\system32\ngvpnmgr.exe [436296 2010-02-02] (Aventail Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)

R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]

R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S3 Symantec SymSnap VSS Provider; C:\windows\system32\dllhost.exe /Processid:{43916AA6-E4B5-4E97-B3F8-04993709B707}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [36448 2011-03-23] (Asmedia Technology)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)

R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)

R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-12-02] (Intel Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150213.001\IDSvia64.sys [669400 2015-02-04] (Symantec Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150213.019\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150213.019\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)

S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [25672 2010-02-02] (Aventail Corporation)

R3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [31304 2010-02-02] (Aventail Corporation)

R3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [102984 2010-02-02] (Aventail Corporation)

R3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [28744 2010-02-02] (Aventail Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)

R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-12] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)

S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)

S3 cpuz135; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]

S3 cpuz137; \??\C:\Users\karulus\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

U2 V2iMount; No ImagePath

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 09:48 - 2015-02-14 09:48 - 00000000 ____D () C:\Users\karulus\Desktop\FRST-OlderVersion

2015-02-14 09:06 - 2015-02-14 09:07 - 00448512 _____ (OldTimer Tools) C:\Users\karulus\Desktop\TFC.exe

2015-02-14 08:55 - 2015-02-14 09:01 - 00001594 _____ () C:\Users\karulus\Desktop\fixlist01.txt

2015-02-13 22:47 - 2015-02-13 22:48 - 00000000 ____D () C:\Users\karulus\AppData\Local\{227DB257-686D-4B33-9585-AC3FC51E4A70}

2015-02-12 19:33 - 2015-02-12 09:44 - 02347384 _____ (ESET) C:\Users\karulus\Desktop\esetsmartinstaller_enu.exe

2015-02-11 18:24 - 2015-02-11 18:24 - 00000000 ____D () C:\Users\karulus\AppData\Local\{165C52FE-591D-4E40-80E1-1357986E2934}

2015-02-10 17:56 - 2015-02-14 09:49 - 00023205 _____ () C:\Users\karulus\Desktop\FRST.txt

2015-02-10 17:56 - 2015-02-14 09:48 - 00000000 ____D () C:\FRST

2015-02-10 17:52 - 2015-02-14 09:48 - 02134528 _____ (Farbar) C:\Users\karulus\Desktop\FRST64.exe

2015-02-09 11:52 - 2015-02-09 11:52 - 00000000 ____D () C:\Users\karulus\AppData\Local\{92242330-6D92-4BE9-863B-D1B94E85F67A}

2015-02-09 10:36 - 2015-02-09 10:36 - 00000000 ____D () C:\Users\karulus\AppData\Local\{BE723668-066A-4376-A64E-29E3F7005DDE}

2015-02-03 18:01 - 2015-02-03 18:02 - 00000000 ____D () C:\Users\karulus\AppData\Local\{73A79D52-B2C8-4B88-B3D4-A3B819608443}

2015-01-31 10:11 - 2015-01-31 10:11 - 00000000 ____D () C:\Users\karulus\AppData\Local\{1CB4ACA5-5357-4EC8-BFBB-32205C2E9DE2}

2015-01-29 17:47 - 2015-01-29 17:49 - 00000000 ____D () C:\Users\karulus\AppData\Local\{F6F4BCE6-23B0-4399-9582-54D3064834F1}

2015-01-26 11:44 - 2015-01-26 11:44 - 00000000 ____D () C:\Users\karulus\AppData\Local\{D491D57B-EEE4-441D-BC6F-38DECF044404}

2015-01-25 16:18 - 2015-01-25 16:18 - 00000000 ____D () C:\Users\karulus\Documents\Games for Windows - LIVE Demos

2015-01-25 16:18 - 2015-01-25 16:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2015-01-25 16:18 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2015-01-25 16:18 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll

2015-01-25 15:47 - 2015-01-25 15:47 - 00003058 _____ () C:\Windows\System32\Tasks\{BCD03A76-0FE9-4CA4-B9AB-D62C0D56E935}

2015-01-25 11:49 - 2015-01-26 11:20 - 00000000 ____D () C:\Users\karulus\AppData\Local\Fallout3

2015-01-25 11:49 - 2015-01-25 11:49 - 00000000 ____D () C:\Users\karulus\Documents\My Games

2015-01-25 11:33 - 2015-01-25 11:33 - 00053161 _____ () C:\Windows\DirectX.log

2015-01-25 11:33 - 2015-01-25 11:33 - 00000000 ____D () C:\Windows\SysWOW64\xlive

2015-01-25 11:33 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll

2015-01-25 11:33 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll

2015-01-25 11:33 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll

2015-01-25 11:33 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll

2015-01-25 11:33 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll

2015-01-25 11:33 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll

2015-01-25 11:33 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll

2015-01-25 11:33 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll

2015-01-25 11:33 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll

2015-01-25 11:33 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll

2015-01-25 11:33 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll

2015-01-25 11:33 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll

2015-01-25 11:33 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll

2015-01-25 11:33 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll

2015-01-25 11:33 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll

2015-01-25 11:33 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll

2015-01-25 11:33 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll

2015-01-25 11:33 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll

2015-01-25 11:33 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll

2015-01-25 11:33 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll

2015-01-25 11:33 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll

2015-01-25 11:33 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll

2015-01-25 11:33 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll

2015-01-25 11:33 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll

2015-01-25 11:33 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll

2015-01-25 11:33 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll

2015-01-24 12:46 - 2015-01-24 12:46 - 00000000 ____D () C:\Users\Public\CyberLink

2015-01-23 18:19 - 2015-01-23 18:19 - 00000000 ____D () C:\Users\karulus\AppData\Local\{255FAF36-BC6A-4F06-B30E-5799BBAE2709}

2015-01-22 20:30 - 2015-01-22 20:30 - 00000000 ____D () C:\Users\karulus\AppData\Local\{B8629E23-F9C0-42A3-936D-35B365B10DBA}

2015-01-21 16:09 - 2015-01-21 16:11 - 00000000 ____D () C:\Users\karulus\AppData\Local\{10EB1622-F58C-4068-A63C-90DAF3CE52B2}

2015-01-20 18:41 - 2015-01-20 18:41 - 00000000 ____D () C:\GOG Games

2015-01-19 00:09 - 2015-01-19 00:10 - 00000000 ____D () C:\Users\karulus\AppData\Local\{A937CE18-025F-4BAA-BE17-49F964047488}

2015-01-17 18:07 - 2015-01-17 18:08 - 00000000 ____D () C:\Users\karulus\AppData\Local\{E421AFE6-7B82-4833-8E58-E09128F1E9F5}

2015-01-15 18:01 - 2015-01-15 18:01 - 00000000 ____D () C:\Users\karulus\AppData\Local\{0A0FBD35-841A-4D92-A2E8-547116D6F359}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 09:36 - 2012-03-25 12:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-14 09:36 - 2009-07-13 23:45 - 00027184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-14 09:36 - 2009-07-13 23:45 - 00027184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-14 09:23 - 2013-06-23 08:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-14 09:07 - 2012-03-16 11:11 - 00000000 ____D () C:\Users\karulus\Documents\EfficientPIM AutoBackup

2015-02-14 08:42 - 2012-03-19 20:10 - 00688312 _____ () C:\Windows\system32\perfh00C.dat

2015-02-14 08:42 - 2012-03-19 20:10 - 00477166 _____ () C:\Windows\system32\perfh001.dat

2015-02-14 08:42 - 2012-03-19 20:10 - 00128974 _____ () C:\Windows\system32\perfc00C.dat

2015-02-14 08:42 - 2012-03-19 20:10 - 00093820 _____ () C:\Windows\system32\perfc001.dat

2015-02-14 08:42 - 2012-03-15 17:59 - 01706486 _____ () C:\Windows\WindowsUpdate.log

2015-02-14 08:42 - 2009-07-14 00:13 - 02147454 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-14 08:39 - 2012-03-15 19:55 - 00000000 ___RD () C:\Users\karulus\Dropbox

2015-02-14 08:39 - 2012-03-15 19:54 - 00000000 ____D () C:\Users\karulus\AppData\Roaming\Dropbox

2015-02-14 08:37 - 2012-03-25 12:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-14 08:36 - 2014-05-03 18:35 - 00029132 _____ () C:\Windows\setupact.log

2015-02-14 08:36 - 2012-03-08 14:11 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-02-14 08:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-13 23:06 - 2013-12-21 12:30 - 00004096 ___SH () C:\VSNAP.IDX

2015-02-10 22:43 - 2012-04-29 21:49 - 00000000 ____D () C:\Users\karulus\AppData\Local\CrashDumps

2015-02-09 06:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-02-05 21:23 - 2013-06-23 08:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-02-05 21:23 - 2012-08-28 20:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-02-05 21:23 - 2012-02-28 19:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-02-03 18:31 - 2012-03-25 12:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-03 18:31 - 2012-03-25 12:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-01 20:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration

2015-01-31 10:54 - 2012-08-25 18:12 - 00000000 ____D () C:\Users\karulus\AppData\Roaming\.anki

2015-01-30 22:20 - 2012-11-24 18:17 - 00885360 _____ () C:\Users\karulus\AppData\Local\rx_audio.Cache

2015-01-25 16:28 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-01-25 11:34 - 2012-02-28 17:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-01-24 01:17 - 2014-10-18 11:27 - 00031744 _____ () C:\Users\karulus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-01-23 22:58 - 2014-10-18 11:22 - 00000000 ____D () C:\Users\karulus\Documents\liteCam

2015-01-18 16:43 - 2014-07-02 17:18 - 00013596 _____ () C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2014-10-20 10:53 - 2014-10-20 10:53 - 0038912 _____ () C:\Users\karulus\AppData\Roaming\dxlpuzb.dll

2014-10-20 10:53 - 2014-10-20 10:53 - 0000000 _____ () C:\Users\karulus\AppData\Roaming\oridrr.dll

2014-10-18 11:27 - 2015-01-24 01:17 - 0031744 _____ () C:\Users\karulus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-03-19 19:47 - 2014-06-01 15:21 - 0007605 _____ () C:\Users\karulus\AppData\Local\resmon.resmoncfg

2012-11-24 18:17 - 2015-01-30 22:20 - 0885360 _____ () C:\Users\karulus\AppData\Local\rx_audio.Cache

2012-11-24 18:17 - 2014-09-20 19:18 - 0430256 _____ () C:\Users\karulus\AppData\Local\rx_image32.Cache

2014-05-28 14:49 - 2013-08-17 21:47 - 0010240 _____ () C:\Users\karulus\AppData\Local\Z@!-480a8635-4216-4063-9726-eccd92912388.tmp

2014-05-28 14:49 - 2013-08-17 21:47 - 0009216 _____ () C:\Users\karulus\AppData\Local\Z@S!-37a67f37-9a86-46ba-ab18-dc3d81d5e2d8.tmp

2014-10-02 11:07 - 2014-10-02 11:08 - 0000000 _____ () C:\Users\karulus\AppData\Local\{87FEE4A4-F8F7-4ED2-94B0-638A38D0EDA7}

2012-09-17 18:19 - 2012-09-17 18:35 - 0000942 _____ () C:\ProgramData\hpzinstall.log

2014-05-28 14:49 - 2013-08-17 21:47 - 0010240 _____ () C:\ProgramData\Z@!-94f49532-e5c3-45b2-8cc6-15d58740a57c.tmp

2014-05-28 14:49 - 2013-08-17 21:47 - 0009216 _____ () C:\ProgramData\Z@S!-d1b60f22-8b95-4db3-95b5-2ea3ac9c6f4f.tmp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2015-02-13 01:01

==================== End Of Log ============================



Edited by Friar K, 15 February 2015 - 09:55 AM.




#2 Machiavelli

    Agent 007

  • Malware Response Instructor

Posted 15 February 2015 - 02:27 PM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Select text file and save to the desktop.
Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Friar K

  • Topic Starter

Posted 16 February 2015 - 07:46 PM

Hi Agent 007. Thank you for your help. Danke sehr. I think you have already solved the problem!

 

Adware Cleaner Log:

# AdwCleaner v4.110 - Logfile created 16/02/2015 at 12:20:30
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : karulus - MAINGEAR
# Running from : C:\Users\karulus\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online
Folder Deleted : C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B65B5CE-1CB5-4ECD-B369-2A02F614E6A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{130DDF47-335B-4A3B-809C-6A27561D247C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{521E3668-62B3-49E2-B5C2-B82B6D2DDBEF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{676E475C-3B97-492B-9541-B853D1DF05F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819342BD-C4A5-425A-B7C7-A4CB08EF846A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9DA4B4BB-5C18-4AAB-803B-6BBBB0A2AAC0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A17F8466-5402-4A46-9635-AB3DB292A88C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2D37F-8025-4DED-BE8F-9477FD9F11EC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D912D2DF-4651-4DF6-8752-5C0E338038C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DA076F67-EBC4-434C-9044-C9FB413CE566}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Key Deleted : [x64] HKLM\SOFTWARE\PIP

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v31.0 (x86 en-US)

-\\ Google Chrome v40.0.2214.111

[C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3134 bytes] - [16/02/2015 12:16:22]
AdwCleaner[R1].txt - [3193 bytes] - [16/02/2015 12:18:34]
AdwCleaner[S0].txt - [2934 bytes] - [16/02/2015 12:20:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2993  bytes] ##########

 

N.B. If you don't object to my feedback, please note that this program deleted a folder out of my start menu (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online) which contained all my links to online applications such as IE, Chrome, Firefox, Google Earth, Skype, Windows Live Client, Dropbox and Norton Internet Security.  I eventually figured out how to restore it from quarantine.  When I scanned a second time with AdwareCleaner, it tagged the same folder for deletion. Rather than delete it, I simply changed the name of the folder from 'Online' to 'Internet' and AdwareCleaner ignored it. Apparently the contents of the folder were irrelevant. It simply doesn't like that word "online". It seems to be a fairly blunt instrument. 

 

Malwarebytes Anti-Malware Log:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 2/16/2015

Scan Time: 6:47:55 PM

Logfile: mbam_log.txt

Administrator: Yes

Version: 2.00.4.1028

Malware Database: v2015.02.16.09

Rootkit Database: v2015.02.03.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: karulus

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 358237

Time Elapsed: 5 min, 7 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Warn

PUM: Warn

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 1

Trojan.JobLaunch.ODB, C:\Users\karulus\AppData\Roaming\dxlpuzb.dll, Quarantined, [aa68e238b2d8b0861cf4f3fcca37b24e],

Physical Sectors: 0

(No malicious items detected)

 

(end)

 

N.B.

On reboot after MBAM scan, the problem seems to be gone due to the quarantine of that one file.

 

Junkware Removal Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.2 (02.02.2015:1)

OS: Windows 7 Ultimate x64

Ran by karulus on Mon 02/16/2015 at 19:04:13.56

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

~~~ Services

 

 

~~~ Registry Values

 

 

~~~ Registry Keys

 

 

~~~ Files

 

 

~~~ Folders


Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{59FC0D3E-D752-4BB6-88DA-C55F2A85233F}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{5A49668A-D6E2-4917-80B3-1480451A3652}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{5B9C50D5-C870-4E17-AA57-64108E53E0E3}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{5C1E6FC7-F9F5-4E73-83F8-A3F07B7D649E}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{5C645739-9729-421A-8B28-E17DA00B87E0}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{5CAFB722-58C8-4B97-A720-FE122DC7EE92}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{5CBAE1EC-AC6D-478A-84B7-9B07FA030872}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{5D144897-1D81-4D58-85E9-261658E3B8C7}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{5D5010C8-BD90-4271-8256-EDB347E6D382}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{5D9695CE-E4E5-48B3-9227-75780405CD33}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{5E497D3F-449D-4E99-A348-2A527070C370}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{5ED56D42-4306-43D0-AE3F-418C73E9FFE0}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{5F8819C4-3B85-41F8-A0B4-BBDD692FBFE7}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{60D9C0CB-77CF-47AB-A6A2-ACE8C5BA3A85}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6120B3AA-153B-48E2-BF8C-952BF5081647}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{617495EF-7675-4A09-991B-F758808A0BAF}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{629F6D0D-E25C-4F56-9464-D0547605C0F5}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{63284E82-7264-4EE9-BF80-748477EEDDB4}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6332DC51-858B-4E5C-A0A8-419A99233C0D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{63469B38-DA82-43D5-B5B7-B3B30933D1A5}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{63E5BA51-6FE1-4913-B91D-AC86121E10D6}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6435E1FD-7363-4A81-9E7A-9B1D90C406A8}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{648C298C-ED87-4105-B0E1-212D4314C07D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6575DEA7-2742-4C33-991A-42EC93853E0A}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{65FAC7E0-E001-47D8-835C-CB93A45AB2BD}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6A17B6B6-C3E3-495E-8087-BC55A99CBD2C}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6AC035ED-E594-405C-9890-9C491A653178}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6AD3C32B-3C83-4062-B59B-2E31B6A1993A}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6B3236B3-7B42-40E0-8E8C-B2C24B2E54DB}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6BABC9B5-1234-4B2D-A44F-4A8736B087A8}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6C49661C-DC4F-4E5C-928F-0CEA591890A2}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6C4EB9D4-FAC7-4202-B5F6-093516924879}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6C85C3F5-6948-4F61-B2B4-7E6E59B28213}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6DAEBE62-45F3-42A5-8F54-D0DB84267DA7}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6DD98591-D1BE-480D-A928-C5C365082867}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{6E5B47A5-B7D1-4A3D-9087-424E0863204D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{70B0D4E4-9467-4616-AB4E-19755C3975D5}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{71086EA9-F93A-4096-A2EF-296E01236E47}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{72B85890-6784-464A-99AF-5434514AB899}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{72FA25A8-ED95-4AC3-945B-DC5D0EC1AC5D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{73A79D52-B2C8-4B88-B3D4-A3B819608443}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{73B3BD2B-11E3-4DDC-BE27-C35DDDA5B734}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{73ECFBE9-F970-4A76-B43B-EB3AFF3E80E0}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{740D6175-F4BC-4EEC-B319-6F53AE6C1F65}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{745DDF40-F9A1-4281-A31E-70A172E1BF8E}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{74A99816-F193-452F-81A0-02FFF57C5094}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{750A3EDA-65BB-4889-80B9-523226E2C22E}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{757B59A0-05D4-464E-8C63-3EF3216DEEBC}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{7783C624-64F7-4063-A24D-110D8FA4ECBA}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{7855C733-2D2B-450F-B5BB-AD2B6678C1D6}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{7857BEDE-5974-4C3F-AD31-A54B6467A8BC}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{78929AE9-EC58-4EB6-A0C6-312C3045735E}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{78D57077-77A6-4600-9938-BBAD49E53BDF}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{7910258F-006E-491E-B43A-3B1F357697E7}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{7A884B97-BCC5-49E8-BADF-46C7A03FE8A3}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{7AA53E90-23D0-4936-B563-A7A59D11BA6D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{7AF6B3C1-7326-4375-9CAD-FACC4B99ADDB}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{7B7BEF29-5B98-48C8-BFEE-53330548202D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{7C163A35-981E-4365-B2BF-0D02569DE16F}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{7C200800-5B52-44A8-8ACF-C76B1338E375}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{7D421672-F05D-4AB2-9833-D1D1FEB8C4E5}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{7EA793AA-3439-45A6-A5AF-873B118DEA0F}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{7F781F9D-ADBB-49C6-8137-731FCEE27BB8}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{805CAD0F-F657-4599-B346-1641C35B4B05}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{8076FDE9-37F1-4967-8CC3-CB4452CB3F5B}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{808974C2-897E-4FF9-B7DA-90B574E4F2EA}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{81038CEB-EA74-4B14-9E98-422A3A97049E}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{813547C9-85F0-4FE4-8A47-5D8E30F23D5F}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{827EC014-8AC9-4E28-B986-826576F8FA1C}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{82FE3209-96E2-481F-8037-1CBC3AF23803}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{834F0B0D-5DC0-4D33-AC43-1AEF86E9C6C4}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{83A0404A-B358-44C4-AB58-C50713EBCCD5}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{83D13E47-B5C6-464A-91CE-2ABE93783EAE}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{84370E9F-2981-4F91-824C-0484E4EEBFCB}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{84500094-4C27-4BA8-9F30-F15C9542C8D9}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{848604BE-CE51-4F20-8220-94CA71ECDC9B}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{84C7B08C-3138-40D5-85F3-754572DADC42}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{84CA8660-0AB7-48E0-9864-1D055AA379D9}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{85A82777-6090-418B-9C70-DDAAAC82F6FE}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{85B08DEA-4115-4195-9DE2-25A2848AB1F6}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{866E6B64-5D85-4E90-BF90-06A675ACA34F}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{87FBE316-CD3C-45FE-97B1-94F363D46594}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{88429F81-0FEA-4577-B7BF-E4AD581629BA}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{8882C515-A068-478B-9838-2FCEF2A3E304}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{889F04FE-6F05-4843-9372-70F5F0B426D3}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{89548441-046B-407C-97A5-9085686F3C85}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{8A7A5F7E-3635-4106-B643-CF5012570D94}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{8AB21468-6771-4A09-9103-3B89EFAF49B4}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{8ADF8301-536E-404D-9B73-4473FD8C3957}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{8B36737F-0F4E-4FE4-A54F-D8F71016B3A2}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{8CAF0E9E-E389-4854-9B8C-C5F2CAD2F330}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{8E090BB9-88AD-49A5-BD9D-DD7E4EFC3CB1}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{90726681-AB78-45F7-9049-E3BDF0790195}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{909398C6-3FEC-4833-A2E5-F6F586FDA1D7}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{90AC6DB6-1D0E-48E6-ABC6-1BBBD1279859}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{90E4589E-6B99-410C-99DE-144A0F1ACFE8}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{91AC3D3C-E45E-4C81-834B-189D8B44D3DA}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{92242330-6D92-4BE9-863B-D1B94E85F67A}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{92754242-C065-44DD-8DA5-39623DB2CF1A}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{939D5BAC-7D24-4AF8-96BA-7BF5BD500DAF}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{959157D3-ABB6-4971-9D9B-E25348AEEAB6}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{95926CAE-D158-49A2-9389-29AC57A1CD06}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{961FACB4-321A-4AA6-A639-12576223DEEB}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{967BE4FD-8518-45F5-B27C-38676D57D81C}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{97224B45-95DC-4B3A-94D8-04349BD0EADE}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{9776E7F8-FED4-4828-AC8C-94E8885659FB}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{97C0E150-EBD7-47A0-996C-3C0FAFE752A6}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{97F44885-F1AA-4F89-8948-3ED9DF81DB2F}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{990886AD-3640-4AF6-8091-70820DEFE663}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{990F519D-A1BC-4E0C-B25F-87BA50C5105C}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{9AD97F29-8670-42AA-8B57-A54416E1C9BF}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{9B51EB51-DADF-45F6-9056-120624376E46}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{9B71DD44-02FD-4FDD-BB65-6F80623E6D3F}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{9BA20F43-352B-491E-ABDA-47A9ED52A4A1}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{9BA5C566-B14A-4DC4-9FC0-3EC333CF985E}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{9CE29F2E-4444-481A-8C3C-3F4C5B986F63}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{9D04F86F-323A-494F-81ED-CBA5571D31D8}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{9D27B110-EAD1-4BE0-BC94-6796CD580F94}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{9D57E660-86A6-4A52-9F05-1C7BED0C90DB}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{9D6A7EA6-B6BD-4372-8823-6B757FA6EAA5}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{9DF10042-BDAE-4A54-AB99-E396E9472211}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{9F2C7533-DEF1-4C67-BAE8-35C836F86DBA}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A03B18B1-EE90-4400-B5AF-95653BC40DB6}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A0FC6EEA-EDB4-4115-A5FF-135F07B39EF4}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A1710793-2DBE-4E2A-966A-375E3432C79D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A3059FBD-2D9F-432A-8418-2E0329EE98A4}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A335712B-0DA7-4529-9D04-966FA3A7663B}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A3DA54F3-F0B8-46C1-97C2-250269D23F09}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A3F78134-F3E9-41DF-AAA0-CBBC01FC4F80}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A42D236B-0832-4603-A580-FACE07DD6C9B}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A474E06E-A616-4042-A77F-2B29A7CA05D0}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A4EE4F79-F9BF-4130-BC58-3A5955750624}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A4F6F38B-5BC1-4EF7-9799-A3BDD8FFF2CC}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A5FA736C-14A3-407D-A956-B85E2AF001C5}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A6300104-1092-4F75-A8DD-E0A46CEF6384}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A6EE1009-8A61-417A-928C-29D73A706339}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A81E6F45-4C18-414B-B9BD-994D0B373BF7}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A831EC31-F826-44F3-850D-67265C3A83C3}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A86B606D-8621-4083-879E-D56FACD3C986}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A88D3CC4-A5D5-4818-97BE-AEAC70732232}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A937CE18-025F-4BAA-BE17-49F964047488}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A96AF8B1-4665-4125-9DB8-AD8C3F0DBAD4}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A984483A-C2E1-4335-83DD-292EC257AFE1}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A9B1ECE6-BD2A-4B61-83AA-F7907C175870}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{A9CB50AE-8539-4AE8-8D8B-0A76999E05E1}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{AA5C35DC-B720-4178-BC2C-E4B6F1955C65}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{AB23BF72-8C5E-43BE-917C-2180943F83CA}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{AB3248DB-EB91-4E6E-A76C-E59F36E5A1F4}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{AB3C82E1-5D0D-4D87-828A-72B89583180A}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{AC565B15-B337-43E6-8967-1A2F8EAEA139}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{ADA514DE-5CD2-42FB-947E-5D149BAA5684}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{ADF36194-4A36-4F71-8FDD-CED30F328B7A}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{AEB5056D-8978-4D41-89E8-04D632DE2B73}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{AFABC66F-FAFC-4535-9780-BEEBABA2F143}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{AFEDA42E-8576-4B12-A383-4A970ACBD33E}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B036BD14-B6D5-4272-ACF3-FEBF48C86426}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B03C198A-A53D-450E-8A1C-8381A2B8F747}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B05A0A45-8DEF-4063-A49E-9F87FD212854}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B15E2C5E-2730-4BAB-8DB7-BC589921D932}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B2C0F372-B0CD-40E6-8522-602E8522776C}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B3725760-9F3F-480B-BBF9-1DD7C92B69AA}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B3C90F5F-D327-4E37-B533-D6FEC28D6548}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B4C94042-B7BF-4584-983E-15DD5B88C9B9}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B582D39D-8B98-414A-BB5A-BC7392C0278E}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B5B12E50-CAB5-4620-B780-999190D1FAE1}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B5F8EBF6-8C21-481C-9AE3-73A11F2ABAAB}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B67864B0-EB07-49AE-B420-DC19DBA86E24}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B691CC98-1617-450A-8CF9-92B2817EC21F}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B71DFA84-B35E-4157-B908-85E687E7B877}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B7AE3F6F-070E-4B38-80C2-1C0D40882AC3}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B8629E23-F9C0-42A3-936D-35B365B10DBA}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B8EE8CAF-CEE9-4F6E-94D4-B4EAEA115210}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{B9BE3391-4BDB-49F1-A286-B741448C8C9D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BA513619-7525-4BB8-B834-F0A2E448BD51}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BA5FAA12-1948-4699-8944-C4C90E73CF55}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BA8815AF-8342-44A3-8541-B0D4CDF6340A}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BAD505FF-FB4E-4312-931B-D1EBA637623D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BB6C18A4-5640-4268-9D64-D58774F7C81E}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BBD08860-932C-468D-B771-8CA4521A654E}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BBE9FDB1-286B-4EB2-BA30-811D6FA60D0C}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BBEA3BFF-3A72-4A76-8889-46E0E3494CA7}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BC157FAE-0651-4FD9-8C6A-A597F17EFB81}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BD3F4FE3-0E71-4EE6-B156-3F992B927059}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BD60D28F-1270-4FB7-923B-EAD8A2A1C6FE}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BE6D1ED2-ABA8-4BB9-9963-9525CDD8A18E}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BE723668-066A-4376-A64E-29E3F7005DDE}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BE9B7581-8B7B-4852-BFF1-710A79011F32}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{BFEA05A8-74C7-4FAE-843D-585ABA529C51}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{C0715A9B-78A5-4F6B-969B-DF87F6BC9EA8}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{C3A3A459-33A1-407F-99B8-D57B90DECF20}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{C469BD76-5BFC-47D5-8FB8-F02874D737FA}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{C50B6865-0261-446B-B3FB-8A77A94AB227}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{C5B6E343-7BAF-4152-94F0-4DF81E46BBDC}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{C61595AA-D00F-445D-98C5-FE0B559D136D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{C62EB2EA-11F5-496E-83B8-21928A1E2661}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{C65B28E3-8920-4C5D-B235-A0FE98C75B16}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{C8596950-51B3-4549-AB7B-C467E6383BA5}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{C8E9F387-E857-40C8-AC27-EF93E3ED1961}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{C928EC43-93C0-4184-A546-0239BB971716}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{C9CC7BAC-C56E-4DE8-977E-799888E5F279}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{CB20F7C3-BF85-4326-9BA9-07B92E82D911}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{CBCBB3DD-BFFD-4AE3-BFF7-3D3F9A4822A8}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{CBE49F22-EFAD-45BB-99B2-5BDF6FFC337F}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{CD52B05A-8883-4627-8919-1801069DBE9F}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{CDCE0501-7734-41C7-9C0A-F7A1F45C4713}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{CE801128-72F3-4E03-B3EA-A24D557281A4}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D08145EC-07AC-4C20-BAFB-E1F08089042D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D1BA6F7A-C826-4F4C-BBE1-C995BC035FA8}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D2470745-B4AD-42C9-B60C-9E9EAA186DA3}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D27F754C-DBF4-42FB-868F-95CE7F3DFB24}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D2DA3E2D-67C1-4B56-A804-397BBDF53FCA}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D334B849-F5E8-40BD-B2A0-4726464B2A21}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D3520B6C-1709-4962-8A90-E97423DBF38C}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D3C65D6A-7196-4C8D-BBB8-DFF271E80A4A}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D3C90F50-9516-4B6D-8F5F-E0DC736011CE}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D3F729BC-CB1E-4787-BD84-39E9B133F07D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D491D57B-EEE4-441D-BC6F-38DECF044404}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D4D4D459-47B0-40F6-96F4-008A4F2F5D12}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D54205CB-0D5D-41B9-8568-6B188FAAE30C}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D5643107-9E57-42B4-BD01-94189D72CE9B}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D564C82B-A7DF-45B8-A3E2-02FD1F2FA818}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D57B133B-A4A8-497C-A686-D37EC6FDA621}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D5A0F704-7C58-4F8E-BF6D-104AA88FFB3D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D5AC3CF0-FB0F-4D00-88F9-F3F086FC639C}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D81A2B26-C38B-4649-A9E8-5040AF6F1A03}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D872DF75-F1C8-495C-8106-BFBE53A1B23E}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D88814F4-5F44-48E7-A064-A3CAF70AE7D5}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D8E46844-3780-4D2D-BD90-85BE38E6B580}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D99270C8-C557-49D9-9F04-F1C7F5492EA6}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D99CEDDC-9A8C-46C9-9C11-C71D0CA9CF13}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{D9E2293F-4322-45A6-AED5-C1F97A9A227A}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DA247BF0-1ED9-4674-B7A4-6A0C087C4AC6}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DB04AC29-6BEB-4540-A24F-1E4467F385C9}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DB0D9D52-FD45-429E-B60C-77B19213CB76}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DB628BCC-2963-4CA6-91A5-EEB79F95ED91}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DB7A7B9B-E950-4901-AE96-B4377F508749}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DBB1591E-C432-46CB-A66E-80A82AF1BE4C}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DDAF71CA-7F87-4A3C-812D-0E528950F977}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DDFD7853-F9ED-4F80-B1DF-2A4D0B4FEFEC}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DE539101-3BDA-4792-AD4C-E82546FD0B36}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DE87A66D-1820-4FD7-96A3-7D6113672A09}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DF478E96-3136-4249-9B25-4F8ADC710ABE}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DF7F42DA-D362-471A-B514-3EBF4574138D}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DFBB00F7-478F-4896-B2C3-78D36AE5456C}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{DFDBF01A-DA5D-4D34-B46D-A2C2171A33E8}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E088D2EA-37C8-40F1-87B6-955D430152C7}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E0D600A7-D625-42DE-9825-0BDC52A24ED9}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E108AB18-2EF5-44D5-A427-E63B568E311A}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E12903B0-DF48-4163-8BEE-0825004528D3}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E1C3F6FC-4ACD-48FE-AE46-AF5890C7E617}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E206084D-7BDE-426C-8E7B-ECD63CD24C69}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E267338D-C59A-4B24-96FC-2008291A6F89}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E28FA401-49F5-4786-BC1F-B39FB83A35F0}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E2F513C7-E215-42D3-BABD-BE00FE0057CF}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E3459EDA-71B1-48FF-A987-7810A4096C96}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E3725711-47D7-432C-BAC9-C4E3B70F00F4}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E3EA1CB7-BE6C-4363-B293-DD60801F560E}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E421AFE6-7B82-4833-8E58-E09128F1E9F5}

Successfully deleted: [Empty Folder] C:\Users\karulus\appdata\local\{E4338A54-F9E1-4803-A8A0-DF817E46911A}

~~~ FireFox

Emptied folder: C:\Users\karulus\AppData\Roaming\mozilla\firefox\profiles\ck76rd1n.default\minidumps [2 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 02/16/2015 at 19:06:39.48

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015

Ran by karulus (administrator) on MAINGEAR on 16-02-2015 19:13:01

Running from C:\Users\karulus\Desktop

Loaded Profiles: karulus (Available profiles: karulus)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Aventail Corporation) C:\Windows\System32\ngvpnmgr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

(Dropbox, Inc.) C:\Users\karulus\AppData\Roaming\Dropbox\bin\Dropbox.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

() C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Thisisu) C:\Users\karulus\Desktop\JRT.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543912 2011-11-08] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-03] (Realtek Semiconductor)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2012-10-10] ()

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)

HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)

HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)

HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2014-01-06] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)

HKLM-x32\...\Run: [EfficientNotesFree] => [X]

HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)

HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-942149292-542124979-3616454306-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)

HKU\S-1-5-21-942149292-542124979-3616454306-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-942149292-542124979-3616454306-1001\...\MountPoints2: {cdbf27e5-6ef1-11e1-bda0-806e6f6e6963} - F:\FalloutLauncher.exe

Startup: C:\Users\karulus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\karulus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-942149292-542124979-3616454306-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

HKU\S-1-5-21-942149292-542124979-3616454306-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKU\S-1-5-21-942149292-542124979-3616454306-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://athenanet.athenahealth.com/1/4/login.esp

https://cronometer.com/#diary

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

DPF: HKLM-x32 {3330F262-2C25-44C5-9D0E-CD11E45B06F3} https://crhsswcswr01.columbusregional.com/cabs/swr.cab

DPF: HKLM-x32 {832B4EED-7115-41CB-9A87-993F5C1545E4} https://athenanet.athenahealth.com/static_20131015/LibCheck.CAB

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:

========

FF ProfilePath: C:\Users\karulus\AppData\Roaming\Mozilla\Firefox\Profiles\ck76rd1n.default

FF Homepage: https://translate.google.com/?hl=en#es/en/risillas|hxxp://www.forvo.com/|hxxp://www.verbix.com/languages/arabic.shtml|hxxp://www.spanishdict.com/translate/seg%C3%BAn|hxxp://lema.rae.es/drae/?val=risillas|hxxp://www.larousse.com/en/dictionaries/french-english/godiche/37348|hxxp://www.cnrtl.fr/definition/emballement|hxxp://www.almaany.com/home.php?language=english&lang_name=Arabic&word=%D8%B9%D8%B1%D9%8A%D8%A7%D9%86|hxxp://www.wordreference.com/aren/%D8%B9%D9%8A%D8%B1%D8%A7%D9%86|hxxp://en.glosbe.com/ar/en/%D9%88%D9%84%D8%AF|hxxp://www.dicts.info/ud.php?l1=arabic&l2=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-942149292-542124979-3616454306-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-02-16]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-30]

Chrome:

=======

CHR StartupUrls: Default -> "https://courses.edx.org/accounts/login?next=/dashboard", "https://www.coursera.org/", "hxxp://www.italki.com/user/1423386", "https://expertconsult.inkling.com/read/wein-campbellwalsh-urology-10th/chapter-18/the-cell-cycle#9be49cc0c5a5478baa10f90db9c55f68", "https://www.auanet.org/login/?refer=/education/ju.cfm?", "https://play.spotify.com/discover"

CHR Profile: C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]

CHR Extension: (Google Wallet) - C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-06] (DTS, Inc)

S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)

S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]

S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)

R2 NgVpnMgr; C:\windows\system32\ngvpnmgr.exe [436296 2010-02-02] (Aventail Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)

R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]

R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S3 Symantec SymSnap VSS Provider; C:\windows\system32\dllhost.exe /Processid:{43916AA6-E4B5-4E97-B3F8-04993709B707}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [36448 2011-03-23] (Asmedia Technology)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)

R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)

R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-12-02] (Intel Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150213.001\IDSvia64.sys [669400 2015-02-04] (Symantec Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150216.003\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150216.003\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)

S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [25672 2010-02-02] (Aventail Corporation)

R3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [31304 2010-02-02] (Aventail Corporation)

R3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [102984 2010-02-02] (Aventail Corporation)

R3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [28744 2010-02-02] (Aventail Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)

R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-12] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)

S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)

S3 cpuz135; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]

S3 cpuz137; \??\C:\Users\karulus\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

U2 V2iMount; No ImagePath

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 19:13 - 2015-02-16 19:13 - 00022837 _____ () C:\Users\karulus\Desktop\FRST.txt

2015-02-16 19:06 - 2015-02-16 19:07 - 00054442 _____ () C:\Users\karulus\Desktop\JRT.txt

2015-02-16 19:02 - 2015-02-16 19:02 - 01388274 _____ (Thisisu) C:\Users\karulus\Desktop\JRT.exe

2015-02-16 18:45 - 2015-02-16 19:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-16 18:41 - 2015-02-16 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-16 18:41 - 2015-02-16 18:41 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-16 18:41 - 2015-02-16 18:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-16 18:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-02-16 18:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-02-16 18:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-02-16 12:27 - 2015-02-16 13:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet

2015-02-16 12:16 - 2015-02-16 13:10 - 00000000 ____D () C:\AdwCleaner

2015-02-16 12:15 - 2015-02-16 12:15 - 02112512 _____ () C:\Users\karulus\Desktop\AdwCleaner.exe

2015-02-14 09:48 - 2015-02-16 19:12 - 00000000 ____D () C:\Users\karulus\Desktop\FRST-OlderVersion

2015-02-14 09:06 - 2015-02-14 09:07 - 00448512 _____ (OldTimer Tools) C:\Users\karulus\Desktop\TFC.exe

2015-02-14 08:55 - 2015-02-14 09:01 - 00001594 _____ () C:\Users\karulus\Desktop\fixlist01.txt

2015-02-12 19:33 - 2015-02-12 09:44 - 02347384 _____ (ESET) C:\Users\karulus\Desktop\esetsmartinstaller_enu.exe

2015-02-10 17:56 - 2015-02-16 19:13 - 00000000 ____D () C:\FRST

2015-02-10 17:52 - 2015-02-16 19:12 - 02085888 _____ (Farbar) C:\Users\karulus\Desktop\FRST64.exe

2015-01-25 16:18 - 2015-01-25 16:18 - 00000000 ____D () C:\Users\karulus\Documents\Games for Windows - LIVE Demos

2015-01-25 16:18 - 2015-01-25 16:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2015-01-25 16:18 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2015-01-25 16:18 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll

2015-01-25 15:47 - 2015-01-25 15:47 - 00003058 _____ () C:\Windows\System32\Tasks\{BCD03A76-0FE9-4CA4-B9AB-D62C0D56E935}

2015-01-25 11:49 - 2015-01-26 11:20 - 00000000 ____D () C:\Users\karulus\AppData\Local\Fallout3

2015-01-25 11:49 - 2015-01-25 11:49 - 00000000 ____D () C:\Users\karulus\Documents\My Games

2015-01-25 11:33 - 2015-01-25 11:33 - 00053161 _____ () C:\Windows\DirectX.log

2015-01-25 11:33 - 2015-01-25 11:33 - 00000000 ____D () C:\Windows\SysWOW64\xlive

2015-01-25 11:33 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll

2015-01-25 11:33 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll

2015-01-25 11:33 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll

2015-01-25 11:33 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll

2015-01-25 11:33 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll

2015-01-25 11:33 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll

2015-01-25 11:33 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll

2015-01-25 11:33 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll

2015-01-25 11:33 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll

2015-01-25 11:33 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll

2015-01-25 11:33 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll

2015-01-25 11:33 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll

2015-01-25 11:33 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll

2015-01-25 11:33 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll

2015-01-25 11:33 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll

2015-01-25 11:33 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll

2015-01-25 11:33 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll

2015-01-25 11:33 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll

2015-01-25 11:33 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll

2015-01-25 11:33 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll

2015-01-25 11:33 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll

2015-01-25 11:33 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll

2015-01-25 11:33 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll

2015-01-25 11:33 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll

2015-01-25 11:33 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll

2015-01-25 11:33 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll

2015-01-24 12:46 - 2015-01-24 12:46 - 00000000 ____D () C:\Users\Public\CyberLink

2015-01-20 18:41 - 2015-01-20 18:41 - 00000000 ____D () C:\GOG Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 19:04 - 2009-07-13 23:45 - 00027184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-16 19:04 - 2009-07-13 23:45 - 00027184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-16 19:01 - 2012-03-19 20:10 - 00688312 _____ () C:\Windows\system32\perfh00C.dat

2015-02-16 19:01 - 2012-03-19 20:10 - 00477166 _____ () C:\Windows\system32\perfh001.dat

2015-02-16 19:01 - 2012-03-19 20:10 - 00128974 _____ () C:\Windows\system32\perfc00C.dat

2015-02-16 19:01 - 2012-03-19 20:10 - 00093820 _____ () C:\Windows\system32\perfc001.dat

2015-02-16 19:01 - 2009-07-14 00:13 - 02147454 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-16 19:00 - 2012-03-15 17:59 - 01862974 _____ () C:\Windows\WindowsUpdate.log

2015-02-16 18:58 - 2012-03-15 19:55 - 00000000 ___RD () C:\Users\karulus\Dropbox

2015-02-16 18:58 - 2012-03-15 19:54 - 00000000 ____D () C:\Users\karulus\AppData\Roaming\Dropbox

2015-02-16 18:56 - 2014-07-02 17:18 - 00014202 _____ () C:\Windows\PFRO.log

2015-02-16 18:56 - 2014-05-03 18:35 - 00029524 _____ () C:\Windows\setupact.log

2015-02-16 18:56 - 2012-03-25 12:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-16 18:56 - 2012-03-08 14:11 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-02-16 18:56 - 2009-07-14 00:08 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-02-16 18:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-16 18:55 - 2013-12-21 12:30 - 00004096 ___SH () C:\VSNAP.IDX

2015-02-16 18:44 - 2012-03-16 11:11 - 00000000 ____D () C:\Users\karulus\Documents\EfficientPIM AutoBackup

2015-02-16 18:37 - 2012-03-25 12:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-16 00:23 - 2013-06-23 08:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-15 23:21 - 2012-04-29 21:49 - 00000000 ____D () C:\Users\karulus\AppData\Local\CrashDumps

2015-02-09 06:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-02-05 21:23 - 2013-06-23 08:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-02-05 21:23 - 2012-08-28 20:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-02-05 21:23 - 2012-02-28 19:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-02-03 18:31 - 2012-03-25 12:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-03 18:31 - 2012-03-25 12:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-01 20:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration

2015-01-31 10:54 - 2012-08-25 18:12 - 00000000 ____D () C:\Users\karulus\AppData\Roaming\.anki

2015-01-30 22:20 - 2012-11-24 18:17 - 00885360 _____ () C:\Users\karulus\AppData\Local\rx_audio.Cache

2015-01-25 16:28 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-01-25 11:34 - 2012-02-28 17:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-01-24 01:17 - 2014-10-18 11:27 - 00031744 _____ () C:\Users\karulus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-01-23 22:58 - 2014-10-18 11:22 - 00000000 ____D () C:\Users\karulus\Documents\liteCam

==================== Files in the root of some directories =======

2014-10-20 10:53 - 2014-10-20 10:53 - 0000000 _____ () C:\Users\karulus\AppData\Roaming\oridrr.dll

2014-10-18 11:27 - 2015-01-24 01:17 - 0031744 _____ () C:\Users\karulus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-03-19 19:47 - 2014-06-01 15:21 - 0007605 _____ () C:\Users\karulus\AppData\Local\resmon.resmoncfg

2012-11-24 18:17 - 2015-01-30 22:20 - 0885360 _____ () C:\Users\karulus\AppData\Local\rx_audio.Cache

2012-11-24 18:17 - 2014-09-20 19:18 - 0430256 _____ () C:\Users\karulus\AppData\Local\rx_image32.Cache

2014-05-28 14:49 - 2013-08-17 21:47 - 0010240 _____ () C:\Users\karulus\AppData\Local\Z@!-480a8635-4216-4063-9726-eccd92912388.tmp

2014-05-28 14:49 - 2013-08-17 21:47 - 0009216 _____ () C:\Users\karulus\AppData\Local\Z@S!-37a67f37-9a86-46ba-ab18-dc3d81d5e2d8.tmp

2014-10-02 11:07 - 2014-10-02 11:08 - 0000000 _____ () C:\Users\karulus\AppData\Local\{87FEE4A4-F8F7-4ED2-94B0-638A38D0EDA7}

2012-09-17 18:19 - 2012-09-17 18:35 - 0000942 _____ () C:\ProgramData\hpzinstall.log

2014-05-28 14:49 - 2013-08-17 21:47 - 0010240 _____ () C:\ProgramData\Z@!-94f49532-e5c3-45b2-8cc6-15d58740a57c.tmp

2014-05-28 14:49 - 2013-08-17 21:47 - 0009216 _____ () C:\ProgramData\Z@S!-d1b60f22-8b95-4db3-95b5-2ea3ac9c6f4f.tmp

Some content of TEMP:

====================

C:\Users\karulus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzfhd5p.dll

 

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2015-02-13 01:01

==================== End Of Log ============================

 

 

 

Thank you again for your help.  As far as I can tell from the Task Manager, the problem seems to be solved. Are there any verification measures or cleanup measures that I should take?


Edited by Friar K, 16 February 2015 - 07:59 PM.


#4 Machiavelli

  • Malware Response Instructor

Posted 17 February 2015 - 04:49 AM

N.B. If you don't object to my feedback, please note that this program deleted a folder out of my start menu (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online) which contained all my links to online applications such as IE, Chrome, Firefox, Google Earth, Skype, Windows Live Client, Dropbox and Norton Internet Security. I eventually figured out how to restore it from quarantine. When I scanned a second time with AdwareCleaner, it tagged the same folder for deletion. Rather than delete it, I simply changed the name of the folder from 'Online' to 'Internet' and AdwareCleaner ignored it. Apparently the contents of the folder were irrelevant. It simply doesn't like that word "online". It seems to be a fairly blunt instrument.

Thanks, I will inform the developer of this tool. :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [EfficientNotesFree] => [X]
    HKU\S-1-5-21-942149292-542124979-3616454306-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-942149292-542124979-3616454306-1001\...\MountPoints2: {cdbf27e5-6ef1-11e1-bda0-806e6f6e6963} - F:\FalloutLauncher.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    2014-05-28 14:49 - 2013-08-17 21:47 - 0010240 _____ () C:\ProgramData\Z@!-94f49532-e5c3-45b2-8cc6-15d58740a57c.tmp
    2014-05-28 14:49 - 2013-08-17 21:47 - 0009216 _____ () C:\ProgramData\Z@S!-d1b60f22-8b95-4db3-95b5-2ea3ac9c6f4f.tmp
    2014-05-28 14:49 - 2013-08-17 21:47 - 0010240 _____ () C:\Users\karulus\AppData\Local\Z@!-480a8635-4216-4063-9726-eccd92912388.tmp
    2014-05-28 14:49 - 2013-08-17 21:47 - 0009216 _____ () C:\Users\karulus\AppData\Local\Z@S!-37a67f37-9a86-46ba-ab18-dc3d81d5e2d8.tmp
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
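
Step 1 above asks for Fixlog.txt to be posted back. The following is an added example (not part of the original post and not FRST's own code) that parses a Fixlog in the layout posted in this thread and lists every result that was not a plain success, so nothing like a "Key not found" line gets overlooked. The function names are hypothetical, and the success test is an assumption based only on the outcome strings visible in this thread's Fixlog.

```python
import re

# Excerpt of the Fixlog.txt posted in this thread (some lines omitted).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by karulus at 2015-02-17 20:54:25 Run:1
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [EfficientNotesFree] => [X]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
2014-05-28 14:49 - 2013-08-17 21:47 - 0010240 _____ () C:\ProgramData\Z@!-94f49532-e5c3-45b2-8cc6-15d58740a57c.tmp
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\EfficientNotesFree => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
HKCR\CLSID\{cdbf27e5-6ef1-11e1-bda0-806e6f6e6963} => Key not found.
C:\ProgramData\Z@!-94f49532-e5c3-45b2-8cc6-15d58740a57c.tmp => Moved successfully.
EmptyTemp: => Removed 9.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 20:54:39 ====
"""

# A result line has the form "<target> => <outcome>".
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist, the per-item results and notes.

    'complete' is True only if the "End of Fixlog" footer was reached, which
    guards against reviewing a truncated paste.
    """
    parsed = {"directives": [], "results": [], "notes": [], "complete": False}
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if state == "header":
            if line.startswith("Content of fixlist"):
                state = "await_open"
        elif state == "await_open":
            if set(line) == {"*"}:          # opening row of asterisks
                state = "fixlist"
        elif state == "fixlist":
            if set(line) == {"*"}:          # closing row of asterisks
                state = "results"
            else:
                parsed["directives"].append(line)
        else:  # state == "results"
            if line.startswith("==== End of Fixlog"):
                parsed["complete"] = True
                break
            match = RESULT_RE.match(line)
            if match:
                target = match["target"].strip('"')
                outcome = match["outcome"].rstrip(".")
                parsed["results"].append((target, outcome))
            else:
                parsed["notes"].append(line)
    return parsed


def is_success(outcome):
    # Assumption: only the outcome wordings seen in this thread are treated
    # as success; anything else is surfaced for a human to read.
    return "successfully" in outcome or outcome.startswith("Removed")


def needs_review(parsed):
    """Return the (target, outcome) pairs that did not report success."""
    return [(t, o) for t, o in parsed["results"] if not is_success(o)]


if __name__ == "__main__":
    report = parse_fixlog(SAMPLE_FIXLOG)
    print("fixlist entries:", len(report["directives"]))
    print("result lines:   ", len(report["results"]))
    print("log complete:   ", report["complete"])
    for target, outcome in needs_review(report):
        print("REVIEW:", target, "->", outcome)
    for note in report["notes"]:
        print("NOTE:", note)
```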



#5 Friar K


Posted 18 February 2015 - 08:14 AM

FixLog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by karulus at 2015-02-17 20:54:25 Run:1
Running from C:\Users\karulus\Desktop
Loaded Profiles: karulus (Available profiles: karulus)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EfficientNotesFree] => [X]
HKU\S-1-5-21-942149292-542124979-3616454306-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-942149292-542124979-3616454306-1001\...\MountPoints2: {cdbf27e5-6ef1-11e1-bda0-806e6f6e6963} - F:\FalloutLauncher.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
2014-05-28 14:49 - 2013-08-17 21:47 - 0010240 _____ () C:\ProgramData\Z@!-94f49532-e5c3-45b2-8cc6-15d58740a57c.tmp
2014-05-28 14:49 - 2013-08-17 21:47 - 0009216 _____ () C:\ProgramData\Z@S!-d1b60f22-8b95-4db3-95b5-2ea3ac9c6f4f.tmp
2014-05-28 14:49 - 2013-08-17 21:47 - 0010240 _____ () C:\Users\karulus\AppData\Local\Z@!-480a8635-4216-4063-9726-eccd92912388.tmp
2014-05-28 14:49 - 2013-08-17 21:47 - 0009216 _____ () C:\Users\karulus\AppData\Local\Z@S!-37a67f37-9a86-46ba-ab18-dc3d81d5e2d8.tmp
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\EfficientNotesFree => value deleted successfully.
HKU\S-1-5-21-942149292-542124979-3616454306-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-942149292-542124979-3616454306-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdbf27e5-6ef1-11e1-bda0-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{cdbf27e5-6ef1-11e1-bda0-806e6f6e6963} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
C:\ProgramData\Z@!-94f49532-e5c3-45b2-8cc6-15d58740a57c.tmp => Moved successfully.
C:\ProgramData\Z@S!-d1b60f22-8b95-4db3-95b5-2ea3ac9c6f4f.tmp => Moved successfully.
C:\Users\karulus\AppData\Local\Z@!-480a8635-4216-4063-9726-eccd92912388.tmp => Moved successfully.
C:\Users\karulus\AppData\Local\Z@S!-37a67f37-9a86-46ba-ab18-dc3d81d5e2d8.tmp => Moved successfully.
EmptyTemp: => Removed 9.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 20:54:39 ====

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by karulus (administrator) on MAINGEAR on 17-02-2015 21:01:15
Running from C:\Users\karulus\Desktop
Loaded Profiles: karulus (Available profiles: karulus)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Aventail Corporation) C:\Windows\System32\ngvpnmgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc.) C:\Users\karulus\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
() C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543912 2011-11-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2012-10-10] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2014-01-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-942149292-542124979-3616454306-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
Startup: C:\Users\karulus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\karulus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\karulus\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-942149292-542124979-3616454306-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-942149292-542124979-3616454306-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-942149292-542124979-3616454306-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://athenanet.athenahealth.com/1/4/login.esp
https://cronometer.com/#diary
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {3330F262-2C25-44C5-9D0E-CD11E45B06F3} https://crhsswcswr01.columbusregional.com/cabs/swr.cab
DPF: HKLM-x32 {832B4EED-7115-41CB-9A87-993F5C1545E4} https://athenanet.athenahealth.com/static_20131015/LibCheck.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\karulus\AppData\Roaming\Mozilla\Firefox\Profiles\ck76rd1n.default
FF Homepage: https://translate.google.com/?hl=en#es/en/risillas|hxxp://www.forvo.com/|hxxp://www.verbix.com/languages/arabic.shtml|hxxp://www.spanishdict.com/translate/seg%C3%BAn|hxxp://lema.rae.es/drae/?val=risillas|hxxp://www.larousse.com/en/dictionaries/french-english/godiche/37348|hxxp://www.cnrtl.fr/definition/emballement|hxxp://www.almaany.com/home.php?language=english&lang_name=Arabic&word=%D8%B9%D8%B1%D9%8A%D8%A7%D9%86|hxxp://www.wordreference.com/aren/%D8%B9%D9%8A%D8%B1%D8%A7%D9%86|hxxp://en.glosbe.com/ar/en/%D9%88%D9%84%D8%AF|hxxp://www.dicts.info/ud.php?l1=arabic&l2=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-942149292-542124979-3616454306-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-02-17]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-30]

Chrome:
=======
CHR StartupUrls: Default -> "https://courses.edx.org/accounts/login?next=/dashboard", "https://www.coursera.org/", "hxxp://www.italki.com/user/1423386", "https://expertconsult.inkling.com/read/wein-campbellwalsh-urology-10th/chapter-18/the-cell-cycle#9be49cc0c5a5478baa10f90db9c55f68", "https://www.auanet.org/login/?refer=/education/ju.cfm?", "https://play.spotify.com/discover"
CHR Profile: C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Google Wallet) - C:\Users\karulus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-06] (DTS, Inc)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 NgVpnMgr; C:\windows\system32\ngvpnmgr.exe [436296 2010-02-02] (Aventail Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\windows\system32\dllhost.exe /Processid:{43916AA6-E4B5-4E97-B3F8-04993709B707}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-12-02] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150217.001\IDSvia64.sys [669400 2015-02-04] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150217.001\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150217.001\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [25672 2010-02-02] (Aventail Corporation)
R3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [31304 2010-02-02] (Aventail Corporation)
R3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [102984 2010-02-02] (Aventail Corporation)
R3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [28744 2010-02-02] (Aventail Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 cpuz135; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 cpuz137; \??\C:\Users\karulus\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U2 V2iMount; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 19:51 - 2015-02-16 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2015-02-16 19:13 - 2015-02-17 21:01 - 00022068 _____ () C:\Users\karulus\Desktop\FRST.txt
2015-02-16 19:13 - 2015-02-16 19:13 - 00036684 _____ () C:\Users\karulus\Desktop\Addition.txt
2015-02-16 19:06 - 2015-02-16 19:07 - 00054442 _____ () C:\Users\karulus\Desktop\JRT.txt
2015-02-16 19:02 - 2015-02-16 19:02 - 01388274 _____ (Thisisu) C:\Users\karulus\Desktop\JRT.exe
2015-02-16 18:45 - 2015-02-16 19:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 18:41 - 2015-02-16 18:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-16 18:41 - 2015-02-16 18:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-16 18:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-16 18:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-16 18:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-16 12:16 - 2015-02-16 13:10 - 00000000 ____D () C:\AdwCleaner
2015-02-16 12:15 - 2015-02-16 12:15 - 02112512 _____ () C:\Users\karulus\Desktop\AdwCleaner.exe
2015-02-14 09:48 - 2015-02-16 19:12 - 00000000 ____D () C:\Users\karulus\Desktop\FRST-OlderVersion
2015-02-14 09:06 - 2015-02-14 09:07 - 00448512 _____ (OldTimer Tools) C:\Users\karulus\Desktop\TFC.exe
2015-02-12 19:33 - 2015-02-12 09:44 - 02347384 _____ (ESET) C:\Users\karulus\Desktop\esetsmartinstaller_enu.exe
2015-02-10 17:56 - 2015-02-17 21:01 - 00000000 ____D () C:\FRST
2015-02-10 17:52 - 2015-02-16 19:12 - 02085888 _____ (Farbar) C:\Users\karulus\Desktop\FRST64.exe
2015-01-25 16:18 - 2015-01-25 16:18 - 00000000 ____D () C:\Users\karulus\Documents\Games for Windows - LIVE Demos
2015-01-25 16:18 - 2015-01-25 16:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-01-25 16:18 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-25 16:18 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-01-25 15:47 - 2015-01-25 15:47 - 00003058 _____ () C:\Windows\System32\Tasks\{BCD03A76-0FE9-4CA4-B9AB-D62C0D56E935}
2015-01-25 11:49 - 2015-01-26 11:20 - 00000000 ____D () C:\Users\karulus\AppData\Local\Fallout3
2015-01-25 11:49 - 2015-01-25 11:49 - 00000000 ____D () C:\Users\karulus\Documents\My Games
2015-01-25 11:33 - 2015-01-25 11:33 - 00053161 _____ () C:\Windows\DirectX.log
2015-01-25 11:33 - 2015-01-25 11:33 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2015-01-25 11:33 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-25 11:33 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-01-25 11:33 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-01-25 11:33 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-25 11:33 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-25 11:33 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-01-25 11:33 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-01-25 11:33 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-25 11:33 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-25 11:33 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-01-25 11:33 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-25 11:33 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-01-25 11:33 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-25 11:33 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-01-25 11:33 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-25 11:33 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-01-25 11:33 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-01-25 11:33 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-25 11:33 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-25 11:33 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-01-25 11:33 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-25 11:33 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-01-25 11:33 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-25 11:33 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-01-25 11:33 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-25 11:33 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-01-24 12:46 - 2015-01-24 12:46 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-20 18:41 - 2015-01-20 18:41 - 00000000 ____D () C:\GOG Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 21:00 - 2012-03-19 20:10 - 00688312 _____ () C:\Windows\system32\perfh00C.dat
2015-02-17 21:00 - 2012-03-19 20:10 - 00477166 _____ () C:\Windows\system32\perfh001.dat
2015-02-17 21:00 - 2012-03-19 20:10 - 00128974 _____ () C:\Windows\system32\perfc00C.dat
2015-02-17 21:00 - 2012-03-19 20:10 - 00093820 _____ () C:\Windows\system32\perfc001.dat
2015-02-17 21:00 - 2009-07-14 00:13 - 02147454 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 20:58 - 2012-03-15 19:55 - 00000000 ___RD () C:\Users\karulus\Dropbox
2015-02-17 20:58 - 2012-03-15 19:54 - 00000000 ____D () C:\Users\karulus\AppData\Roaming\Dropbox
2015-02-17 20:56 - 2014-05-03 18:35 - 00029636 _____ () C:\Windows\setupact.log
2015-02-17 20:56 - 2012-03-25 12:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 20:56 - 2012-03-08 14:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-17 20:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 20:55 - 2013-12-21 12:30 - 00004096 ___SH () C:\VSNAP.IDX
2015-02-17 20:55 - 2012-03-15 17:59 - 01973055 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 20:36 - 2012-03-25 12:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-17 20:23 - 2013-06-23 08:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-17 18:41 - 2009-07-13 23:45 - 00027184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 18:41 - 2009-07-13 23:45 - 00027184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 18:33 - 2014-07-02 17:18 - 00014556 _____ () C:\Windows\PFRO.log
2015-02-16 23:58 - 2012-04-29 21:49 - 00000000 ____D () C:\Users\karulus\AppData\Local\CrashDumps
2015-02-16 20:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration
2015-02-16 18:56 - 2009-07-14 00:08 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-16 18:44 - 2012-03-16 11:11 - 00000000 ____D () C:\Users\karulus\Documents\EfficientPIM AutoBackup
2015-02-09 06:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 21:23 - 2013-06-23 08:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 21:23 - 2012-08-28 20:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 21:23 - 2012-02-28 19:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 18:31 - 2012-03-25 12:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 18:31 - 2012-03-25 12:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-31 10:54 - 2012-08-25 18:12 - 00000000 ____D () C:\Users\karulus\AppData\Roaming\.anki
2015-01-30 22:20 - 2012-11-24 18:17 - 00885360 _____ () C:\Users\karulus\AppData\Local\rx_audio.Cache
2015-01-25 16:28 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-25 11:34 - 2012-02-28 17:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-24 01:17 - 2014-10-18 11:27 - 00031744 _____ () C:\Users\karulus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-23 22:58 - 2014-10-18 11:22 - 00000000 ____D () C:\Users\karulus\Documents\liteCam

==================== Files in the root of some directories =======

2014-10-20 10:53 - 2014-10-20 10:53 - 0000000 _____ () C:\Users\karulus\AppData\Roaming\oridrr.dll
2014-10-18 11:27 - 2015-01-24 01:17 - 0031744 _____ () C:\Users\karulus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-19 19:47 - 2014-06-01 15:21 - 0007605 _____ () C:\Users\karulus\AppData\Local\resmon.resmoncfg
2012-11-24 18:17 - 2015-01-30 22:20 - 0885360 _____ () C:\Users\karulus\AppData\Local\rx_audio.Cache
2012-11-24 18:17 - 2014-09-20 19:18 - 0430256 _____ () C:\Users\karulus\AppData\Local\rx_image32.Cache
2014-10-02 11:07 - 2014-10-02 11:08 - 0000000 _____ () C:\Users\karulus\AppData\Local\{87FEE4A4-F8F7-4ED2-94B0-638A38D0EDA7}
2012-09-17 18:19 - 2012-09-17 18:35 - 0000942 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\karulus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd0jpul.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 01:01

==================== End Of Log ============================

ESET_Log.txt:

 

C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\Toolbar.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\karulus\Dropbox\ZTemp\Save\YTD(youtubedownloader)Setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
D:\DataMain\Documents\Installables\Alarm Free (cnet).exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
D:\DataMain\Documents\Installables\Q clock install.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
D:\DataMain\Documents\Installables\setupscreenhunterfree.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
D:\DataMain\Documents\Installables\Wise_Video_Converter-ORG-75938058.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
D:\DataMain\Documents\Installables\YTD(youtubedownloader)Setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
D:\DataMain\Documents\Installables\ztemp -cbsidlm-cbsi134-Leawo_Bluray_Player-ORG-75914628.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
D:\DataMain\Dropbackup\DropBackup 14-10-25\ZTemp\Save\YTD(youtubedownloader)Setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
D:\DataMain\Dropbackup\DropBackup 15-01-23\ZTemp\Save\YTD(youtubedownloader)Setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
L:\Copies\Datamain\Documents\Installables\Alarm Free (cnet).exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
L:\Copies\Datamain\Documents\Installables\Q clock install.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
L:\Copies\Datamain\Documents\Installables\setupscreenhunterfree.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
L:\Copies\Datamain\Documents\Installables\YTD(youtubedownloader)Setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
L:\Copies\Datamain\Documents\Installables\ztemp -cbsidlm-cbsi134-Leawo_Bluray_Player-ORG-75914628.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined

 

How is my computer running? It seems to be running just fine.



#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor

Posted 18 February 2015 - 09:20 AM

Hello,
in my opinion your PC is clean. :) My help is of course completely free of charge but if you would like to donate some money to me that I can buy some beer, then click on the button paypal.gif. I'd really appreciate it, my friend. :)


We need to remove the tools we've used while cleaning your machine.
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#7 Friar K

Friar K
  • Topic Starter

  • Members

Posted 18 February 2015 - 06:14 PM

# DelFix v10.8 - Logfile created 18/02/2015 at 17:49:27

# Updated 29/07/2014 by Xplode

# Username : karulus - MAINGEAR

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST

Deleted : C:\AdwCleaner

Deleted : C:\Users\karulus\Desktop\FRST-OlderVersion

Deleted : C:\Users\karulus\Desktop\Addition.txt

Deleted : C:\Users\karulus\Desktop\AdwCleaner.exe

Deleted : C:\Users\karulus\Desktop\esetsmartinstaller_enu.exe

Deleted : C:\Users\karulus\Desktop\Fixlog.txt

Deleted : C:\Users\karulus\Desktop\FRST.txt

Deleted : C:\Users\karulus\Desktop\FRST64.exe

Deleted : C:\Users\karulus\Desktop\JRT.exe

Deleted : C:\Users\karulus\Desktop\JRT.txt

Deleted : C:\Users\karulus\Desktop\TFC.exe

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #140 [Scheduled Checkpoint | 01/25/2015 14:34:14]

Deleted : RP #141 [Scheduled Checkpoint | 02/04/2015 05:25:44]

Deleted : RP #142 [Scheduled Checkpoint | 02/13/2015 06:08:29]

New restore point created !

########## - EOF - ##########

 

Thank you again.  Let me know if you see anything amiss. I'm glad to see there are people out there willing to do this for perfect strangers. Please accept a small token of my appreciation with my gratitude.



#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor

Posted 19 February 2015 - 04:38 AM

Thanks! :)

Any further questions before I close the topic as solved?

~Machiavelli

 
 


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 21 February 2015 - 08:54 AM

Greetings Friar K,

Machiavelli will be unavailable to reply for a bit of time and since we don't want to delay addressing your concerns I will be coming in alongside to continue to address your issues. Please allow me a little bit of time to come up to speed.

Thanks for your understanding and patience,

Gary
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 21 February 2015 - 09:09 AM

Greetings,

Before we close this Topic I just wanted to check one last time to see if you have any other issues or questions.
Gary
 

#11 Friar K

Friar K
  • Topic Starter

  • Members

Posted 21 February 2015 - 09:31 PM

I'm good. Thank you so much for your diligent follow-up. Please feel free to close the topic.

 

Friar K



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 21 February 2015 - 10:08 PM

Very good, thank you.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a couple of days in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 22 February 2015 - 09:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



