Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cant seem to get rid of a registrey key


  • This topic is locked This topic is locked
8 replies to this topic

#1 geno86

geno86

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 20 November 2015 - 01:54 AM

Hey, new poster and member here, i have a problem with this registrey key that adw cleaner keeps telling me i have, but it just wont remove it, log here.

 

# AdwCleaner v5.021 - Registro generado 19/11/2015 en 22:35:56
# Actualizado 14/11/2015 por Xplode
# Base de datos : 2015-11-19.4 [Servidor]
# Sistema operativo : Windows 7 Professional Service Pack 1 (x64)
# Nombre de usuario : Ricardo - GLOW
# Ejecutado desde : C:\Users\Ricardo\Downloads\adwcleaner_5.021.exe
# Opción : Escanear
# Apoyo : http://toolslib.net/forum

***** [ Servicios ] *****


***** [ Carpetas ] *****


***** [ Archivos ] *****


***** [ DLL ] *****


***** [ Accesos directos ] *****


***** [ Tareas programadas ] *****


***** [ Registro ] *****

Llave Encontrado : HKU\S-1-5-21-1374932667-2535497345-1150743777-1003\Software\Conduit
Llave Encontrado : HKU\S-1-5-21-1374932667-2535497345-1150743777-1003\Software\AppDataLow\Software\searchresults1

***** [ Navegadores Web ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [841 bytes] ##########

 

 

 

I also did some goggling on the matter, found a topic in here, with the same problem, but i didnt saw any instructions on it, mayb im blind, anyways heres Rkill and Junkware Removal tool  logs, malwares doesnt show anything.

 

 

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/19/2015 10:32:58 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

          127.0.0.1 nwmaster.bioware.com
  0.0.0.1    mssplus.mcafee.com

Program finished at: 11/19/2015 10:35:12 PM
Execution time: 0 hours(s), 2 minute(s), and 14 seconds(s)

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 7 Professional x64
Ran by Ricardo (Administrator) on Thu 11/19/2015 at 22:22:43.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 540

Successfully deleted: C:\ProgramData\drivergenius (Folder)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0072AF43-1006-4DD0-B17B-98AE6C26DA97} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{008E3EFB-D33F-45C5-996A-A7000298A617} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{00E0F5C3-5E10-41CE-927F-2C9234D68B29} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{00E3C1C4-B1B8-46E7-BB6F-0AEC3274AE24} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{01604FFB-B3B9-47A6-BA67-9BDA77075CE0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{01BD813F-FBED-439E-A3F9-FA90A380D955} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{025569D0-2F58-4A03-89AB-C00FC4440949} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{02955A8E-8DED-4C38-93AC-260CA33F21CD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0298F813-D89D-4EB1-9B6C-EB66C1AD5399} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{039FB433-A6C0-4853-977C-6EA75E8E1FA5} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{043700C4-794A-43A5-8AB4-63A84E6ECDAD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{044F8FAE-901F-4CC6-9B72-9C566D028104} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0472D1C5-BEDF-45F2-8EC0-0E32F0519E20} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{049EA563-358B-4E45-A784-D7535D82C976} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0576B366-1F02-4547-B9F5-D7631629FA85} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{057D5249-5570-4DE9-9444-A5D0C617729A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{058EF2F5-C912-4B77-9E71-E5304F8A29AB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{063A7234-08B5-4C1F-A7EC-542FE1CF45C8} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{067D4CFA-BCB3-4164-B991-57CD1198DFB1} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{077334D9-1F78-41F2-BEEE-93050810178F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{08164EDE-0413-4A9F-8222-6D1C88FB37F8} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0902D1F1-EE04-48C2-A0A6-003B2A3D071A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{09CCEEFC-5D99-4951-A9A5-5F32F7ED0E09} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{09E4A3F6-7880-46D5-B0DA-F6D2FB1E7300} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{09EFCD2E-CE41-4DFF-A5A7-210D154DA6C4} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{09FC02D1-8773-4FD5-A812-388C2E98E9DD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0A252F6C-F78B-43A2-8715-8B200B6B111E} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0B02A7A5-9297-417C-82E5-B1D8603D5882} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0B4EC4DD-B02A-4495-A4FE-EDA3EDDD78CB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0CCE52E5-D95F-4254-92BC-7F3DD98784DE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0D312B70-478B-4A43-95EB-185B278AEBB8} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0D40C235-6FE0-4F5E-B5BC-F64DE29F75CF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0D88501D-88D3-46C3-87E4-D1BB230441AD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0E0CE874-510D-4D21-9C9C-90AA76ABC3FF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0E20E29C-94D4-441B-A54C-8C3D4A347708} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0E48231F-E95E-4F09-B4FB-A87BBADB1304} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0E8A7E7A-2122-4BE1-B6AB-28F44F2CCF31} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0EB5D285-008C-48CF-9285-8660484B6779} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{0F3107D5-7946-429D-974A-47FEEDB228D7} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{105F446F-D456-4B1E-BAC9-2ACC8A9FBB57} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{11EDC8DD-692D-45AC-BD3B-BAC17094FF13} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{12234ED5-8051-43AF-9B64-C5CD979EFB35} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{13031293-B779-44E0-9761-B5BEBA364055} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{130F5065-AABA-4813-9914-ED4BC8DF0F10} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1310EF1B-85E6-4F3C-9491-7D207ACEB5A2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{131A5BC4-2AEE-4762-A417-1175466217DA} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{13730D74-4E54-4F46-9AF9-6D320C97CFCE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1398499A-1B44-4B44-A466-06AB70176F05} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1519FAD9-7601-4512-8585-0BAEBD549FD1} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{15F90DDC-B107-44E2-8D2A-77494F605BAE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{16111D52-4F95-49B2-8C22-1C27552883F7} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{17364D8F-AC7A-4C36-83FC-1A20D2EA9CA6} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1748DFFA-7DBB-493D-B785-ECEB927005A3} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{178B0769-0724-422A-B9B7-65E376EC509B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{18134B79-CEED-4FB7-ABE6-07D56454CA83} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{18537AF7-B9A5-4E2B-887A-07A5526F89FE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{186E1B15-FA6C-4DA4-85B4-2BA3442B6774} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{199AA89C-F2E8-4B56-8CAA-7836D64F9159} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1A042937-7B94-4F9C-9F20-744E4DC7C341} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1A65DE3E-04A3-4E61-8F0F-6671421D1A64} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1BB1B786-D96C-4A8B-859A-E6ACF4D08EF1} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1BDADB9F-8FEB-44B4-A2D2-28F1D85BB82F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1C00AA6C-9BB1-4F1F-9FD2-47E1A7147FAD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1C6F1FBA-BB3B-46CC-804A-8410610D07C7} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1CEDB402-9201-4087-860D-528BCACC3DCA} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1D518607-8F69-4928-B0B1-BF4343C9017B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1DD5CEAD-B4D2-47D7-A92B-6CEEC205B184} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1E3BC7DB-5EB9-4060-A058-CCFD7D299BCE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1E5A49FD-FCD3-4835-8A09-695D8797A03F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1E620DFB-698D-43A2-AFE4-010EAEE00CE0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1E70B86E-0E27-440A-B808-4A03ED09CD6B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1EA7E4D1-9C43-4C46-95A0-5D2DBAABF782} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1F1371C1-DBF8-48CA-95F6-D187C01A83AE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{1FB7473C-8214-4CA5-BF12-A748FAF5B67E} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{20037CCB-E804-43D6-9F31-91E1F1E75A08} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{20146ACB-174D-43A6-ACB6-78997434B505} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2093BA59-E321-4585-9E52-68632ACE5BB2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{215C730A-94E2-4879-B7E1-F27A7F56CC78} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2274D6A2-2826-4AE5-96D2-0EFE89FB0CF5} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{233C5CE6-47B7-44D6-8640-BF0594E49DB9} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2413A194-5757-4ED0-9C47-36A7CE9DF354} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{242B66FC-807B-43AE-9122-802961D290E7} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{25CB3563-4580-44DD-838E-5EBB66D7140F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{25FA0432-C63C-45F5-BC42-E475AD696729} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2698C7F2-E16C-4342-9961-48AB262EFFEC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{269E0179-E50A-4A54-866F-E65C0A73D633} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{26C4A422-C620-4530-8590-6032564F1226} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{26CE67EF-D17E-4C04-AC09-F6D3BC6B5F93} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{26CFFA9A-8FF7-46AD-9B4E-07164F0DC629} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2745C97D-5232-4454-B663-0AA27AB65000} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{27B934F6-3279-4D48-A3B6-863E94792823} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{27D83C76-172C-4E25-B01C-596046992A8C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{28E0E054-F56A-4295-B517-A543050735DC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2907A71C-9C3D-4C18-A002-E25468719018} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2A6A2974-6B2B-4D42-A4DE-6EA89C0FB816} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2A8D60B3-817A-4CA5-B21E-DD71A50F519A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2BACE4F4-C03B-417F-BA80-4EA282DACC88} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2C517F52-8576-4AB9-8707-6C7B0FDC27DB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2C5976A3-8042-4DA3-B910-748042177A6B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2CB74457-6FAC-439B-A20E-BBED5AC6EC1B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2D37F33D-E7B3-4C55-A9BB-4E58B812402A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2DD51C46-6A03-4766-A977-AEDAD670F3CA} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2E480F6B-ADBD-4C65-9800-2884FDC3F46D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2E805967-B0B7-455E-BFFB-A8ACFBBE64AC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2EB6D026-3705-4958-AD26-F41FC20EC6FA} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2ED6F9E3-2154-4BB4-89BE-F81502EAAF40} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2F9F3F00-5B2E-4B77-9903-7C81DAFAFE9A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2FB9C834-0E68-4DE5-9905-3A674FB0D416} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{2FF29123-3045-41F8-B4FD-4F7B734AA076} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{30E54922-602A-454A-B8C1-C36BA858EAA8} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{311DCAB5-0919-426A-A11E-2C46DDE2DA75} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{31D3E06C-2C7A-478D-AE62-096AB77CB844} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{335BF53F-50D9-48BA-9AA4-2FAC421A0531} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{335C4818-5667-468A-8CFB-D0E35C51267C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{33A5DB8A-8B12-4AB9-B756-21D57F212629} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{33FA299E-9201-4FBD-9256-AE4D5E11523B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{34099201-01C1-44E3-93BA-64B61E714F45} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{345B3976-50BC-4961-88D5-D1F2334DB50B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{34DC364A-71F3-4CE7-917F-9B75446A2AF8} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{35A728A1-E2EA-4801-832B-ECD522631D1F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{35E284B0-11EE-49B8-BC97-BD30FD836DDC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{3603D822-BCE0-4100-B73C-D2B538D59C1F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{3664B59B-85E3-4DF7-A8C4-3CD391EEA0C2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{3768E039-47B7-48A3-B874-5AA40DD272D7} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{3794C417-6D37-4698-8B6F-1D34D4E5274A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{38418610-DA58-4B60-AB0C-E62CA2F5CA8C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{3888E717-B721-4530-9078-C515B7BDEA88} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{38C39538-1206-4E2E-924C-496A40F9BCA1} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{398FEF4C-B73B-4E21-96FB-3B82D3EC6BFB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{39A807A0-9A34-49B2-A2CE-383516E46254} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{39B4BFF4-B810-491A-8269-F22573BA22EB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{39FF55E5-79C2-4FE5-9610-E9461E9FA4AF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{3A1228FF-063D-4CD4-8BCC-6945FE689BB1} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{3ADCC2CA-FF49-4BB0-93B3-95F6F22C2A64} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{3B34AE6A-1027-4BD0-A1FF-3EBC3D793ABB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{3B36D936-CBE5-4C58-B617-734F929E36A4} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{3D3C5863-2703-46C7-97E1-A5BF9008B042} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{3EEDED17-67CD-405A-8D95-9416C638E0FE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{400C9644-2488-40DB-8069-D777E3497A79} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4128B833-BA3F-4E88-964D-F91A8F07E00C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{41A450D5-4218-4BCC-8124-D1F8A41EB305} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{427CAE3F-483D-4C91-89B8-B54A598BD208} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4295F363-8EB1-4068-B180-1F5988EA8BBD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{42D2D67B-F76E-45F3-967D-7FE707642F72} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{433405E2-7D8E-4E04-8FB5-6C773BF0F8E0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{433AD178-4717-4B91-954A-BB2592C93541} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{43EACCC9-43A5-40AB-8B24-1F64D9C20598} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{445117B6-07DB-4FA1-86C9-2FFE275EC791} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{45579349-BA01-4B66-AB09-2C19A4BAC8EC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{456ECEE3-E8C3-4C1D-A35C-707CE58D6277} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4673EDBA-ECD3-4BFB-AB59-4A19A77960A7} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{468869B2-62F5-4370-A6A0-BE960B4A4C50} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4781C508-BFB8-4977-8735-C36BF4132284} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{47B64AAD-EF86-4516-AEBD-BD2ADE6EC8CB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{48045851-A81E-457C-894A-F119F2E29B5A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4872B0C0-76EE-416A-8F0A-38EEF2565739} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{492F84A1-6E9C-4DC2-95B4-0D4E647A46D5} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{49A969F2-0935-414E-BAE9-09F9AA8789E6} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{49CA6931-2A0E-4636-9246-DA63BE2C31AD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4A1556B2-7D1B-48C3-81EC-DF0E52ABD6DD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4AD9BCF6-C589-42C8-A1F8-7437DB83A64A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4B172088-D64A-4BA4-8E60-83CBD091B452} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4BD9364D-C546-43B8-9661-E3ED476B43AD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4BF79271-4971-4894-B4CB-7F417BB6CD72} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4C6AAEC0-4728-4F4C-8D92-58FFBE7EAD88} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4C853B17-420D-4F9E-A99C-66AE5BF8B3DD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4D541C29-26E2-4FBE-81F6-82E866B66876} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4DC62D5E-DCB4-4FBA-A273-7B63109DA727} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4E98D33F-629B-4987-8DCE-D6A1969C630A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{4F2A4581-A647-48E3-9DC5-55BDC56ED38E} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{50347353-C86E-4B71-A121-3006F1E054CF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5038AF24-7D6E-4B83-8A7E-4983008C82C3} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{508C7528-6347-4861-80BF-9EF460467285} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5101C28B-72BC-466E-B500-A85CAC65856A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{517B4364-7C20-4F5A-9045-83B4120E36CF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{53623BA6-D0A7-4D13-AE52-1FD9BEEFB263} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{53E8D14E-F007-4E11-8310-57D8CAADF4F0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{55EA7FC1-1F4A-47B7-B370-A10D950A7EDC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5668D7FF-4004-4D59-9034-F3815F2F89B2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{56AC4461-E7BE-46E9-A888-32A2E4073FC7} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{56F2CE52-EC12-4B5B-B4AC-82A35D7C8BD8} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{56F7BEA9-47DC-4056-A213-34796C1960BB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5712E557-B463-4942-B88D-718160742F5B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5721D9F0-8EE0-4369-B4B3-F96622187EEA} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{57FA06A8-43B2-4293-9C9C-CC5AEA2578E7} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{57FBCFCF-192B-429A-9ADD-30AF4D2A0198} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5849CB04-CC14-4B73-9A3D-F720A8F0DC5C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{587DF4B0-3192-4C39-9D77-7F90AC02045F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5AC2B4C6-1E5A-4AE3-BE8C-C271BF89A981} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5AEC50AA-C945-4F6C-ADF0-71D9666BC4CD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5AF9B794-48E7-4107-A7F3-A73E7F4870AF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5B151633-25CF-40F9-8D8F-45CBFCACFBF2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5BCEAF4A-62FC-4913-8DD0-62FDEAAE5556} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5BF86ECF-8A0B-4F11-8EAD-046153E1C523} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5C49EB75-5E40-4628-8124-4515DC256900} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5C9843EB-62B4-4B51-ABDE-C9167352B71E} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5D4ECA8F-0014-401B-BBC2-B3182263CD1B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5D5AFED4-7765-44E6-8D4F-31F8F3CC062F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5D7D1EBE-59D9-4C20-9D80-CA2145D9898D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5EA3BD28-3A80-43B7-9EB6-673B68ED6B18} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5ECE5EE9-2A69-48E2-80DC-2B0DB5EB9401} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5EE1A2A5-6D0B-40FA-B487-39EB3ECC3768} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{5F8C5F43-A65C-4BB7-A219-A60974397589} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6009DF29-4D74-48B1-814D-DF60ABBE369D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{608F4EA3-6CA2-45EF-8B8D-99666B000957} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{60FD2878-5311-466F-B80B-A003F8625452} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{614487F3-A503-4BA8-A1A8-3170CE6E988E} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{624C66B9-E87B-42E9-8BA5-E1802CE9EAFF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6280F9AC-DEC3-47DD-B392-FCF9818CB103} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{62E5B8B2-8D89-441D-BE54-B056C20D4FF6} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{63460D04-181D-4BF4-ABA0-2A16D6AC192C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6426F4B4-9195-462B-BAA4-04EB37EAE801} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{64863658-0EF8-4D4F-88BF-EC49736DA8C7} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{65174721-A2F0-4E55-A07B-F54037A0499A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{65A8A545-53AE-4B77-9790-EAB76EAA0858} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{65E8D94E-AF42-47CE-89C4-2D2691A73739} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6621C411-91E8-4A07-A6DB-D570C1C6C6E2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{68075036-143A-486E-BBB1-8BE661B90F17} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{68A8D3EB-AF2B-435C-A9B0-B59EF2FA1E4A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{68FF741A-CB6A-4779-80E5-2659DDDF7608} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{69EA1ECD-3006-4147-93BD-43D9713F726A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6A2751AA-7357-4632-A2A3-37022BB26F67} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6AF8E57F-7161-4AFE-BB87-4C6D47665A3D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6B2F86DB-AD27-4B7F-A22E-F978311ADB91} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6B33CACA-29CF-4B22-A81E-C61D64CEB65D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6BCAEBBC-D9E3-4BEE-9651-78A415D28BF4} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6BE840F6-0B98-4F4A-BF31-01AE10666DAD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6C29F522-B706-4BD4-9B33-BCEAB1BFCC2F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6C35C9F8-0421-4426-9D56-FE17C0AE4415} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6D101307-3C48-4725-B65F-01B359F11CF2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6D282B72-2485-4AC5-93F3-059A31F2BC40} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6D458ABF-18B8-44F0-9733-360228D45F6A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6E483086-5CCB-45B9-B065-245ED7517301} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6E93E1A2-FFFC-4F55-97E5-9DA732CDCA01} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6EB2A861-EFAE-4FB7-B351-6FF0C368EAA8} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6F8A0EBD-57D9-4CA7-AE79-66D8D4DD532B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{6FB3FF25-4E70-4A70-B275-2FB09912CC1F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7030EFF4-8B9A-4298-A566-C74758FFBA38} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{70DEDAC4-A05B-4B99-8F52-BA21FBA457B5} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{710B3A99-A4B5-4B33-9217-2AA39CFF7343} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{71137712-4E5C-40D0-B92A-B922649FE068} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{71C19E4A-CF72-4143-B554-54D01C5DB271} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{722E0F3B-6C62-474E-9FA8-96FD2A4BFE02} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{726B041A-299B-49E9-A447-CE41CC31D9F4} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{73690E7F-62D0-4808-85CA-430CEE74E33E} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{73A3C1A7-5A02-4D8D-9FF8-BD8A175EE016} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{742B4286-9DBF-460E-A932-D98855D29D35} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{74E15882-2620-4E85-9800-E3D8EFC5EFE0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{750187AE-3FB7-456E-B7E8-9DFA28D368D1} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{752F3DE1-B461-414C-A005-5487F0EFCCA2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7568BADB-A3F6-4CEA-8E7A-3BF9244F2EB0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{76EEAA23-91C3-49E7-912B-26CCB631CAA9} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{779AB0CA-9358-4EB5-BE59-D724E46F4D57} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{77A02B3F-E3C9-4D3B-A9D6-84B5ADDA1BC8} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{77D05524-EE17-4D41-8AD9-DA0767A0F372} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{78C6EF4B-D206-4757-A651-40A596DF93BC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{79839B44-E7C8-4B29-A3C8-55BE64F0C588} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{798E0CB7-E29C-48C1-8AFA-102E32BBFECD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{79BEAE9C-5755-4D7B-8A25-1CAF29799CB7} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7A7C26C8-0234-4676-94B7-004D02CD4DAC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7B1E89D5-21CA-4B97-A3AE-ABC52A52509F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7B26037C-EE93-48DF-8C5C-200B05499D7F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7B2FC836-DC18-43D4-B1BA-798EBC26CDCF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7B9064D0-87E8-448F-AA50-79CAD6338430} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7C1C8190-0A25-4644-9448-2937BE0AD789} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7CC56DBB-2D91-4826-A7EF-DB9CBE09F554} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7D90BB0B-BA44-41B9-BD30-DCA7A1C30744} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7DD16030-9334-4CCB-A221-DD3A92BCA3C4} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7DFC6C1E-8373-4E9F-AC8B-D8C1BEBB4D52} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7E227A92-8F9E-4FBD-B650-E1F0409E6DBA} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7E2709B8-AD8D-47A4-A341-413637673998} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7E4380C6-2630-4B52-90F5-88EB78210AC2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7E8FEE81-03BC-4F15-B61B-016C18CF2452} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7EBD24F6-F3ED-46F8-8285-D1676DEA9661} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7EC159CE-D8D4-4722-9F1A-1114EDEA3BAA} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7F5CBD9A-1035-45A2-BD57-47FAA7ACA1CB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{7F7B76AC-1D2F-4438-B7E4-B17A0A8F3DCC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{803F32FD-DD86-40BB-BE12-5F14BEC051D5} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{80E427C5-335C-4772-9BC3-468CDB27B044} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{81270431-A02F-469B-B688-1C17D7A1BF40} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{813D579C-96E1-424C-A29E-4864597B5B89} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{81AF6E57-AD48-4084-8190-2C6DEA5D63A3} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{82815480-71B7-40AF-B4ED-861F657E91E2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{833A7534-5740-43D6-BCD6-3037995A441D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{834630F3-4BB8-4DE6-997A-A7519924E658} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{83BE1B02-E8A6-4176-B8B5-16D3FAEF3184} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{83DD3F0C-BBDF-4D30-AF84-F03C19E3AEF5} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{84178793-D9C9-4288-BF0C-D583C31FCD03} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{84197C7B-6224-49BE-85AB-056BC274E692} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{844122A1-BEAE-45C9-A5B9-937E88F2D55F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{847252AC-0F2B-4E5A-8C4C-BD846D8DC2E8} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{8493ED93-8C68-4BF5-A9ED-9C6CDA4A1CCF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{85B7C4C3-3139-4E6B-8079-E098D88D44F4} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{860AA0DC-1B5D-4860-AB18-4F06F320A929} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{874F3336-1EBD-4407-868E-CBADEDFC7923} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{87AC348C-18A0-4E2B-AC44-19B65F5B30DC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{87B37782-43B5-40B0-90B1-8C20208C89F3} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{88ADD930-9610-4703-A52A-F506FAB94A06} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{88AF1F33-B114-47E1-9AAA-C1A6D4992C28} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{88B559F9-31D5-4F59-8024-6E07C7D75611} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{88F958BB-5E65-4A2E-981B-94655ADA439C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{8950556E-8252-44E7-9D3A-201D157197C4} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{89C22D28-96E0-47BA-B814-B98E40F462A8} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{89EE6C75-29B1-4B48-B67F-3CF0B17DE38C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{8A1210A9-ABEA-409A-B690-A70CE8691D95} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{8AB8812D-7EFE-4011-A332-FC34766DC47C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{8B2449EF-F112-43C4-8970-2B06A749CB94} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{8B97F519-F56D-4A37-A570-FA8FA12F05A6} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{8BDC99FE-1AE0-4543-9F57-B2A57A3730FB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{8D494966-0EFF-4F59-AF92-76E31533FF1C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{8D53928E-50E5-4B5F-8CCE-1CD3AE59152D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{8D7FADF5-C1CA-4F76-B8E0-5F567F39BDC0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{8DBAB880-7E15-4A41-9C44-BBF3B4226CB1} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{8EC9FC76-DDC6-4672-8E33-DF07E357D8D6} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{90861C6B-D676-47F2-AEE6-F63CBF8E7106} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{909A38E6-89D0-4295-95C1-F74ADDCC0520} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{91CD7434-76E0-4CA7-AF5A-0DF5825BBF5D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{91E4717B-AD06-40E8-A7D2-D19B70C54FBF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{92B99F8E-3C6D-4296-B6DD-4B7E7EF46A01} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{932F5742-69CA-43AD-8661-7402614C9CF0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9364BA7C-41E9-4D38-972E-BB41910EC18D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{93E9C7DF-D134-4846-A173-5DF8848FA1B4} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{941EB623-ED97-4E26-84DF-DE074829A2E9} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{94663C5F-2FBD-421D-B1F5-57E75FE4CACD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{94F7257B-7C9B-4FA4-A125-1B46E8138FD0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9591CC96-E04E-4188-8FD8-0ECA74B8F810} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{96076D7F-FB04-499D-8661-BB1530E11895} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{965FCDA4-5139-42C8-A1D4-8B271BE7CDD7} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{96E0BF92-27BA-4753-882C-7234787150DB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9792AF01-1877-42E4-9A50-9F5403F2E6E0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{97BC8954-A188-4AD3-A556-B957EE5CE7F1} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{97D11164-FD51-4E86-B1E5-0E1175E8629D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9831CD7F-439F-4E4C-9889-07457B185E13} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{983E4940-000D-4612-927B-5B800A63D799} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{98532A24-D76A-4BC2-ACA1-F807CB0B09B9} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9872DFFD-A62B-4526-9316-185F585625F4} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9905E0E2-23A1-4EC2-B24C-6B46996B18DA} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9A41BA74-DE85-4B68-81C5-DD8CA09AB0B3} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9A6A8E63-EB5D-4B7C-8EB8-4F8375AC31D9} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9B0FCEBB-96E6-4F80-8C3E-3009B5C988F8} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9B4932FC-BE65-4020-A318-1FB3128316E9} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9BC7BEF8-F5DD-449B-9F02-712F3C9B3F84} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9CE3557E-D8AF-4CC3-860A-E06FDAFD430C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9D01A94D-1114-49BC-9313-CB770E756A92} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9D85EFBE-8FBC-4D89-A89B-A373BFF122CA} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9E05B637-E3E6-4B08-B928-CF5D30BE1E6C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9EFB0E18-CEB1-4627-A364-EBCD277A95E3} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9F008FA5-68E4-45FA-A48C-3A1370BE7014} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9F22D889-3C49-42EE-8728-7553707CB77F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9F29D419-A914-423A-8674-AD40FA4CF087} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{9F88EE06-4D5B-4A8F-BB75-C85DA289EF3B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A003A16A-32B2-4F5B-BE1C-39A8B1A9D138} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A02823DC-3121-4BF9-A7CC-4AEEFCAFDAE0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A122DFFE-0109-4575-B739-AB7E144FD42D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A18512D4-571F-44B5-B94A-6252B9AB8B21} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A23A301F-3010-49AB-BA2C-13AB6794FB7B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A2C0B675-F5D0-4CFD-9B14-FBC8277ACF24} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A308B214-FAB4-4535-AE2D-2E0ACBEA2415} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A31730D2-2470-4E63-A2A7-2A48AEA233C5} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A327AF56-AF09-4C3D-82B1-6DD0F65CDAA6} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A32DE50D-1FFD-47CE-8315-73E4FC5CE035} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A40E1C02-730E-4CE7-A40D-F07FE31C05D6} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A5644513-5629-4535-8A8A-520C21F0DC7E} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A5D180AA-713D-41B5-A043-897FE88FA4C8} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A626BB93-BCBD-4285-8FFE-259BDBADE10C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A6360248-4654-4BE4-A424-9AF8F56332BA} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A6454D74-98AE-445E-B326-9B1EEC5ECD3A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A6973CFE-C47A-4AEE-A4EF-BC9FD45983A9} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A6ADC9C9-0550-453E-872C-D9C3385C8A9C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{A9ED09BE-0C93-44E1-94DD-A0A3D236E2BE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{AA2672D5-6226-4D92-8D5E-19112B567DDF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{AA30E357-8664-493D-8F29-5EBF0321756E} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{AA3E9ADB-E472-4E2E-A011-62F29CB2D0D9} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{AB0DF5D0-6510-4ADA-A095-400EC7C86D0F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{AB9338D5-4EBC-4F00-8485-500668FCE571} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{ABA410FF-01BA-4A1D-B174-86BE829BB84A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{AC4425C3-4CC4-4665-A83C-047CF1FEE812} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{AC5049B8-71F7-4AFC-BDC3-866A2AD67297} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{ACE05250-CF05-4EA6-BC80-3F84BEF778BD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{ACF21633-B7C1-4E64-ACA6-6CE045866143} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{AD532C8F-936F-4B21-AF50-801DE322EC7C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{AD646570-2DCF-404F-B08E-045E68FCD7C8} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{AF12B10D-C93A-45B2-8326-5BC43ED63D9F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{AF6292BF-5B51-4B2D-8094-BE41F977F88B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{AF8BA24E-73F0-4EE5-A89A-10344DA0E77B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B04FB437-BE60-451E-AB6A-F9DBC10A2AEE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B09F8C95-3956-474E-8C9D-77CA8ACBC9EA} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B0CE0F7A-B0FB-4B37-A3C0-4384880E0358} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B1871A81-4C14-47B7-A103-2BEDA4BE7798} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B18FC8B0-6BA9-42A2-A5A2-5311C228C92B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B1F5D6B9-084E-4E03-AFDF-7A3990ACA77B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B219F126-5224-4FAF-AD3F-31E6B2CF7642} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B350D34A-38EB-4D87-BBCD-0A3538177938} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B3B90472-C8B5-409C-BDDB-8E7334D78D18} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B4CA57A0-DC2B-4769-983C-FED4BCC8AD05} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B57F6E3E-19F7-412A-A74A-271B4F3AE5EC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B59E09F3-7169-4074-A182-ACFF3C62E015} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B602484E-A912-420B-A5C3-5D491E75B059} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B6198103-43F6-42F9-B170-753496838916} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B639477D-5FC4-411A-A03B-FFED7A667918} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B67301DD-B4F4-4E71-85F0-4E004B740EC2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B6816C28-5524-450C-92D1-E5ED7AEF6C0D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B6BAAA11-E08E-419E-8793-54750FE7068A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B6FF684F-4D85-4039-8793-26C06F6E984C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B7E30007-B6E2-4D92-A314-CABCDD0783AD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B7F50EFD-92C4-4512-BC85-158C279821D4} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B9852E98-69FC-4726-BA1A-3DD51B9169A9} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{B9F55D37-F74D-42CD-9A55-381CD5147966} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BA63C04A-FD87-49DA-B70F-899C250B2F17} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BA703349-96C9-4B02-B504-ECF558D29BF4} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BBB50AEF-CF40-4C6B-89F5-53E6B404D094} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BC4DEFEF-18C3-4B42-A870-553E88CCA67F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BCCA4550-796A-438C-B508-9EE979E4ED3D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BCE1B097-F93F-4D18-A56F-C559FDB832B4} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BCF9EE24-15AE-4A35-B3CD-DC05B781BDEE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BD0A1B15-4196-45DB-9E3E-38E5907E3FF2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BD99DA95-8CDF-47D3-98A8-2D7076F111E9} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BDB844DF-0163-48B2-B070-F200F437CD48} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BF0E11FD-5059-483D-9BAB-6C845FC54BDD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BF37E5E7-9D7E-4E1D-9E03-08DC82A64BAF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BF838431-BA4E-4E49-AB34-D0EEFD4C9335} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{BFB156CB-D49B-4F5E-8782-DB748FA5765E} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C047F863-FCE9-4C44-8EE9-B9A547F5165F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C12541FB-BEAB-4AD9-A309-0DDBCD3FA6B5} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C21E6C9C-6052-4E63-B6B9-8DC17A3202AA} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C27D29F8-EEE2-4253-A2D3-318DC435EA33} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C2F5E72E-2B9F-44FE-B9F0-5502D32747CC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C34227E9-BCD4-42BE-A7DB-9BAB9544DCC5} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C48120F6-4F82-4970-913B-FE2FDB044947} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C553F3A6-772D-4006-B162-D7AF7CA4022E} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C5EF9E6E-40D5-436F-AFBF-4D531BA11898} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C64432B4-EE8F-44D7-9693-85FE3672A0C0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C66156A1-BE78-431B-959B-A4DCD02DDD77} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C77E5655-48CA-4763-B8EE-FEC00C118A36} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C791AF28-5EB1-4BA0-9D57-486D10C484BF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C7A6B7D3-6419-483F-951D-CCF732A3FC59} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C7FF258D-E971-4095-8AA2-6E93C6B53481} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C8053456-B9AB-4546-9741-153FF7ED02EF} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C879B667-0BA1-48B7-86DE-8E4EC474EFB1} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{C9DE751A-ED42-447E-8D66-88489283E7CD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{CADB8DCA-13E6-4C07-AF99-27BDF0403539} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{CADEF33C-E298-4DEE-9CC7-8D43FFD9C6B5} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{CB5E3B22-87FB-40CD-9DB6-15A16C1390AB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{CB8892C5-83FD-472E-BE09-56D5F5F840C1} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{CB95DF73-758B-4E07-8E05-498A1BFCE683} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{CBD64788-5D7B-46D3-B293-9F4F8251AF96} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{CC6BAC95-821F-466A-8FFF-D2B6328E8E70} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{CDD80658-9B69-4700-9387-D77FCA1E9672} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{CE6B9258-E890-4354-9279-B0125B8BCC32} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{D016ECCD-850E-4C66-B6F2-7C2729F1CCF6} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{D0741FEA-D9C2-4132-BC98-CEF43E66B51B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{D21AD815-FD9D-4A9B-AC86-ECEDCF7C324A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{D226284C-3000-41B8-B304-6AAF1D259313} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{D4197391-68A5-4407-B1A6-9EC26692E482} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{D4BE0059-F73C-40D3-B69E-31698D3182DB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{D5CCAB65-6C35-44B5-B0CD-24FCD6E6179B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{D63A8B67-25FE-4CF5-AE76-9B417F51BC76} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{D7D48983-E449-4D8E-9C7D-9D4C727ABEA5} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{D84D4D4C-5F0F-4658-AF61-2DD0D55B6102} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{D89F0844-784F-48A6-B876-0D2970F35B8C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{DA134473-8163-4E9F-886A-7B1EA38AAC6A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{DA8856BB-5740-4CAB-9B48-862F1622572F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{DAC25D0F-A168-4295-A424-A8209AD7B4AC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{DB875DE8-CEF7-4ED3-A812-6942C4A293DE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{DB887A76-9583-4BE9-81F7-33A6C362A79C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{DC41C513-702D-4D2A-88F1-74D0B855EBCD} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{DD3C7E49-DADE-41E7-98E9-0DC588684C69} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{DF34F850-AF59-42B1-B5AA-20E03C7F2515} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{DF5490A0-3BE4-442A-B761-E40715F11464} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E0016C7B-0746-4490-9CC4-4B4E018C1C60} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E0531F6F-44D5-4A6C-ACDC-436613B86254} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E0A6C773-7DB6-4653-9C86-8766384E3575} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E0E5659A-EFF8-48FD-8E2A-23F65EF613DB} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E1984268-31CD-454D-990F-4B387C457CD1} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E1BF8852-EC38-4EE2-B121-407453ED3AC0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E4B27746-C5E9-45ED-9F66-A26E294A1449} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E4E797B4-E402-40E2-9E23-047E1053067C} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E500C787-EF72-48F2-ADF7-94A1D199AFDE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E5BFD16E-4CF2-450B-8E48-8CA8EDE168E6} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E60B3161-6642-4ACB-A857-DF8024E0134F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E6BFE7B6-8EF4-443F-8659-E9B157FD15F2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E6F39D7A-6026-4D55-938B-521646A3BE02} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E7343B5E-939E-48B0-B3A3-7009474288E9} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E75A3C2A-4BC8-4B4A-A9F4-28E132E4D823} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E83B656F-6320-4BD0-AA67-FBFC49604F62} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E8F8C867-501F-4D71-B563-4DFAA5FFAD30} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E94E2CC4-7985-4A54-A08A-DF6888A48A54} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E98D0CE3-B3F8-453C-B19E-E17522F49DCC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{E9C885A9-233F-44E2-B5ED-C2DBEF52691B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EA12EF37-0F17-4BA4-AC8E-A33D82EAED1B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EAACE2EC-3DFC-4CE5-838F-81B28A3DA4A0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EB237BDE-0517-4FD4-95C3-F2649FC1EC0A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EB615690-AF50-4E9A-B0EA-4C0E9772D484} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EBFD00F4-2C11-4EEB-AB32-E1635F8D114D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EC720B32-7BA8-419F-9104-9F44865BFF54} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{ECD8A825-C7AA-4542-8239-CF93C13CC400} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{ED1686B8-D2D0-427D-9E82-7A0D82A12BCE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EDC2CBA4-74CF-44F6-8624-8EB26D6A5399} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EDD50C23-403B-49AA-AC4B-4170B57B6C4D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EE2309C5-CEBB-4B15-B469-DD18F850A461} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EE29AFCC-2F32-4329-BB33-42BC0F4CC859} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EF6A22DF-BEF8-4428-8E36-25B128EB73D0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EF97314B-B1B2-4974-8A99-BE04187BA240} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EFBC483B-5FBF-4F39-A73E-FD75FC7C6FBA} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{EFDD1540-E865-49F7-A0DC-560BB3315B1F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F01E2F38-F081-4443-BC18-9ED0E00CBE2D} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F052F83B-F745-4B15-8C7E-213FE3EE714B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F125B392-5531-4AE2-ACC3-041B82C63627} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F1871594-46C2-4745-BAAF-F0599D10A024} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F1AB898D-A701-4DBB-8C4C-05BC11E5D500} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F203445D-3217-4F9A-A7D3-AA3E2E052614} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F3504F3E-3273-48E0-B50B-C101BAABF192} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F3CABE8E-532C-4157-9B04-87C7E3145213} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F3E4965F-0804-4D73-83E6-8B61274F9D62} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F4EADCF5-25B7-4551-A0CE-DC6E6A11D660} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F581EDA1-6AFF-4072-A3C9-D05F866F641A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F58DE563-DB9A-4406-81D8-74153259FE91} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F5E0FD4E-3A34-4A83-A0F5-1C0FF2003EE4} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F63ED4B3-2706-4350-B19C-E10A01DE6F37} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F66D2374-FCD6-4511-B910-120DDBC089EE} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F66D9928-491F-462D-94BF-CFF22269638F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F8D2F0E5-D17E-4B1D-A4BB-DB1897F46D6A} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F909274C-BFB3-408C-8197-25A16BD7BE1E} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F92FB21E-5AE5-4C06-9A4F-114118B55434} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{F9CE876F-B69B-427E-8AF5-CE29E69C613B} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{FA81C349-5B25-4CFF-9AF8-420AE23137AC} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{FB1E7F9B-6E13-4733-9FE8-B1B6318A621F} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{FC72139A-C049-40D9-8B94-52A6AB98FA77} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{FCA23054-303A-43E7-B03A-FD49A359BC44} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{FD06D1CD-0662-4A8E-ACF8-886C62D71520} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{FD1FB45F-1219-4F0E-91EE-09E0CC3E5DA0} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{FD4B9CF3-9C5A-4DE0-A8EA-15D1A44F7753} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{FD8EFC5F-7598-4303-8F74-6E7A86DF6A37} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\{FF99C81F-EDBE-45C6-B677-7251ED14D7D2} (Empty Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\extensions\hxxps-everywhere-eff@eff.org\chrome\locale\ru@petr1708 (Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\extensions\hxxps-everywhere-eff@eff.org\chrome\locale\zh_CN.GB2312 (Folder)
Successfully deleted: C:\Users\Ricardo\AppData\Roaming\wyupdate au (Folder)

Deleted the following from C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\prefs.js
user_pref(extensions.register@pgport.com.data, {ef522540-89f5-46b9-b6fe-1829e2b572c6},0,9999,999.999.999,9999,|{c50ca3c4-5656-43c2-a061-13e717f73fc8},5300,5300,4.0.1,5300,f



Registry: 1

Successfully deleted: HKLM\Software\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/19/2015 at 22:26:07.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:09 PM

Posted 22 November 2015 - 09:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This fix should take care of it.

Copy the text IN THE CODE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files" Once you have saved Right click the .reg file and allow it to merge with the registry.
 
Windows Registry Editor Version 5.00

[-HKU\S-1-5-21-1374932667-2535497345-1150743777-1003\Software\Conduit]
[-HKU\S-1-5-21-1374932667-2535497345-1150743777-1003\Software\AppDataLow\Software\searchresults1]
Restart the when completed.

You can delete the fixme.reg file when done.

===

If the issue persists please run this tool and post the logs for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===

Edited by nasdaq, 22 November 2015 - 09:30 AM.


#3 geno86

geno86
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 22 November 2015 - 09:20 PM

Hi nasdaq, i did the first thing, they are still there according to adw, so yep.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-11-2015
Ran by Ricardo (administrator) on GLOW (22-11-2015 17:56:45)
Running from C:\Users\Ricardo\Downloads
Loaded Profiles: Ricardo & UpdatusUser & postgres (Available Profiles: Ricardo & UpdatusUser & postgres)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Scarlet.Crush Productions) C:\Program Files\Ps3 controler\bin\ScpService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Flagship Industries, Inc.) C:\Program Files\Ventrilo\Ventrilo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)
HKLM-x32\...\Run: [RaidCall] => C:\Program Files (x86)\RaidCall.RU\raidcall.exe [5127832 2015-09-23] (RAIDCALL.COM)
HKU\S-1-5-21-1374932667-2535497345-1150743777-1000\...\Run: [Facebook Update] => C:\Users\Ricardo\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-1374932667-2535497345-1150743777-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-20] (Valve Corporation)
HKU\S-1-5-21-1374932667-2535497345-1150743777-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1374932667-2535497345-1150743777-1000\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2946096 2015-11-19] (Blizzard Entertainment)
HKU\S-1-5-21-1374932667-2535497345-1150743777-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-1374932667-2535497345-1150743777-1000\...\MountPoints2: {3e48e26f-9d97-11e1-89aa-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-1374932667-2535497345-1150743777-1000\...\MountPoints2: {83c8dfbb-95c6-11e4-9a4f-e840f2067c55} - G:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2012-06-13]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1374932667-2535497345-1150743777-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.213.2.12 10.213.5.15
Tcpip\..\Interfaces\{1BD992E4-6230-4ED1-8C32-F4A593AC55C3}: [DhcpNameServer] 10.213.2.12 10.213.5.15
Tcpip\..\Interfaces\{5A2294AB-89EF-40EF-8696-CB257CE0B359}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{8E90D9B8-42C5-4219-832C-925CECBE387C}: [DhcpNameServer] 10.182.28.116 10.182.28.124

Internet Explorer:
==================
HKU\S-1-5-21-1374932667-2535497345-1150743777-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130895097036011995&GUID=E1655BB2-4428-4338-957A-8CCFD2D389A9
HKU\S-1-5-21-1374932667-2535497345-1150743777-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://prodigy.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1374932667-2535497345-1150743777-1000 -> {A609E3C6-575E-4484-B76B-CFB8AF1F23EA} URL = hxxps://mx.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-11] (Oracle Corporation)
BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-11] (Oracle Corporation)
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/es/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-12] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Ricardo\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\Ricardo\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-24] (Raidcall)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-07-03] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1374932667-2535497345-1150743777-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ricardo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1374932667-2535497345-1150743777-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ricardo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF Extension: IE Tab - C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2015-05-30]
FF Extension: Google Search by Image - C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\extensions\google@hitachi.com.xpi [2015-05-30]
FF Extension: No Name - C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\Extensions\firefox@betterttv.net.xpi [2015-10-16] [not signed]
FF Extension: MEGA - C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\Extensions\firefox@mega.co.nz.xpi [2015-11-17] [not signed]
FF Extension: ReChat for Twitch™ - C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\Extensions\firefox@rechat.org.xpi [2015-05-28]
FF Extension: HTTPS-Everywhere - C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\Extensions\https-everywhere-eff@eff.org [2015-08-27]
FF Extension: League of Legends Events - C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\Extensions\jid0-8tN1572BjKN38NbylynGgV1L2AU@jetpack.xpi [2015-05-28]
FF Extension: Greek (GR) Language Pack - C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\Extensions\langpack-el@firefox.mozilla.org.xpi [2015-11-08]
FF Extension: Adblock Plus - C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Diapositivas de Google) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-09]
CHR Extension: (Google Docs) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
CHR Extension: (Google Drive) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-09]
CHR Extension: (YouTube) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-09]
CHR Extension: (Búsqueda de Google) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-09]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-09]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-09]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-09]
CHR Extension: (Gmail) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-08] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 Ds3Service; C:\Program Files\Ps3 controler\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-09-09] (EasyAntiCheat Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3534784 2015-07-24] (INCA Internet Co., Ltd.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [74024 2013-06-06] (BitRaider)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-10-13] (Duplex Secure Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Gun; \??\C:\Game\SoftnyxGame\GunboundLS\Gun64.sys [X]
S3 GunBod; \??\C:\Game\SoftnyxGame\GunboundLS\avital\gunbod64.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-22 17:56 - 2015-11-22 17:58 - 00024343 _____ C:\Users\Ricardo\Downloads\FRST.txt
2015-11-22 17:54 - 2015-11-22 17:56 - 00000000 ____D C:\FRST
2015-11-22 17:54 - 2015-11-22 17:54 - 02346496 _____ (Farbar) C:\Users\Ricardo\Downloads\FRST64.exe
2015-11-22 17:43 - 2015-11-22 17:43 - 01733632 _____ C:\Users\Ricardo\Downloads\adwcleaner_5.022.exe
2015-11-19 22:32 - 2015-11-19 22:35 - 00002210 _____ C:\Users\Ricardo\Desktop\Rkill.txt
2015-11-19 22:32 - 2015-11-19 22:32 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Ricardo\Downloads\rkill.com
2015-11-19 22:26 - 2015-11-19 22:26 - 00059279 _____ C:\Users\Ricardo\Desktop\JRT.txt
2015-11-19 22:21 - 2015-11-19 22:21 - 01599080 _____ (Malwarebytes) C:\Users\Ricardo\Downloads\JRT.exe
2015-11-19 22:16 - 2015-11-19 22:16 - 00001077 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-11-19 22:16 - 2015-11-19 22:16 - 00000000 ____D C:\Users\Ricardo\AppData\Local\VS Revo Group
2015-11-19 22:16 - 2015-11-19 22:16 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-11-19 22:16 - 2015-11-19 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-11-19 22:16 - 2015-11-19 22:16 - 00000000 ____D C:\Program Files\VS Revo Group
2015-11-19 22:16 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-11-19 22:15 - 2015-11-19 22:16 - 11069616 _____ (VS Revo Group ) C:\Users\Ricardo\Downloads\RevoUninProSetup.exe
2015-11-19 21:57 - 2015-11-19 21:58 - 00000000 ____D C:\Users\Ricardo\Documents\Overwatch
2015-11-19 21:53 - 2015-11-19 21:53 - 00001098 _____ C:\Users\Public\Desktop\Overwatch.lnk
2015-11-19 21:53 - 2015-11-19 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2015-11-19 21:33 - 2015-11-22 17:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-19 21:33 - 2015-11-19 21:33 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-19 21:33 - 2015-11-19 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-19 21:33 - 2015-11-19 21:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-19 21:33 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-19 21:33 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-19 21:33 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-19 21:31 - 2015-11-19 21:32 - 22908888 _____ (Malwarebytes ) C:\Users\Ricardo\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-19 21:01 - 2015-11-19 21:57 - 00000000 ____D C:\Program Files (x86)\Overwatch
2015-11-10 14:15 - 2015-11-10 14:15 - 00001461 _____ C:\Users\Ricardo\Desktop\Fallout4 - Acceso directo.lnk
2015-11-10 12:06 - 2015-11-10 12:06 - 00000000 ____D C:\Users\Ricardo\AppData\Roaming\Steam
2015-11-10 12:00 - 2015-11-10 12:00 - 00000000 ____D C:\Users\Ricardo\AppData\Local\Fallout4
2015-11-10 11:50 - 2015-11-10 11:50 - 00001058 _____ C:\Users\Ricardo\Desktop\Fallout 4.lnk
2015-11-10 11:50 - 2015-11-10 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 4
2015-11-10 11:28 - 2015-11-10 12:06 - 00000000 ____D C:\Program Files (x86)\Fallout 4
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 ____D C:\Users\Ricardo\Desktop\FAALOUT
2015-11-09 13:57 - 2015-11-12 15:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-09 13:57 - 2015-11-09 13:57 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-08 16:28 - 2015-11-08 16:28 - 00000221 _____ C:\Users\Ricardo\Desktop\Borderlands 2.url
2015-11-06 16:15 - 2015-11-11 14:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-05 10:44 - 2015-11-05 10:44 - 00001934 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-05 10:44 - 2015-11-05 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-05 10:44 - 2015-11-05 10:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-03 14:02 - 2015-11-03 14:03 - 00000000 ____D C:\Program Files (x86)\RaidCall.RU
2015-11-03 14:02 - 2015-11-03 14:02 - 06046240 _____ C:\Users\Ricardo\Downloads\raidcall_v8.1.8.exe
2015-11-03 14:02 - 2015-11-03 14:02 - 00001034 _____ C:\Users\postgres\Desktop\RaidCall.lnk
2015-11-03 14:02 - 2015-11-03 14:02 - 00000000 ____D C:\Users\Ricardo\AppData\Roaming\RCTW
2015-11-03 14:02 - 2015-11-03 14:02 - 00000000 ____D C:\Users\Ricardo\AppData\LocalLow\RCTW
2015-11-02 21:27 - 2015-11-03 14:02 - 00001034 _____ C:\Users\Ricardo\Desktop\RaidCall.lnk
2015-11-02 21:27 - 2015-11-02 21:27 - 00000000 ____D C:\RaidCall
2015-11-02 21:25 - 2015-11-02 21:26 - 08429958 _____ (RAIDCALL LIMITED. ) C:\Users\Ricardo\Downloads\raidcall.exe
2015-11-02 15:13 - 2015-11-02 15:13 - 00000219 _____ C:\Users\Ricardo\Desktop\Dota 2.url
2015-11-02 02:28 - 2015-11-02 02:28 - 00000383 _____ C:\ftconfig.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-22 17:56 - 2014-09-19 12:59 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-22 17:52 - 2012-11-22 18:37 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-22 17:50 - 2012-05-13 23:41 - 01279090 _____ C:\Windows\WindowsUpdate.log
2015-11-22 17:49 - 2015-10-16 01:37 - 00000000 ____D C:\AdwCleaner
2015-11-22 17:46 - 2015-09-15 15:03 - 00000000 ____D C:\Users\postgres
2015-11-22 17:45 - 2015-10-11 00:00 - 00003360 _____ C:\Windows\setupact.log
2015-11-22 17:45 - 2014-09-19 12:59 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-22 17:45 - 2012-05-14 01:01 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-22 17:45 - 2012-05-13 23:42 - 00000000 ____D C:\Users\Ricardo
2015-11-22 17:45 - 2010-11-20 19:47 - 00536226 _____ C:\Windows\PFRO.log
2015-11-22 17:45 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-22 17:44 - 2012-05-14 03:47 - 00000000 ____D C:\Users\Ricardo\AppData\Roaming\TS3Client
2015-11-22 17:41 - 2012-05-15 09:06 - 00000000 ____D C:\Users\Ricardo\AppData\Roaming\Skype
2015-11-22 17:14 - 2012-07-24 07:07 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-22 17:06 - 2013-12-04 18:58 - 00000000 ____D C:\Users\Ricardo\AppData\Local\Battle.net
2015-11-22 17:06 - 2013-12-04 18:58 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-22 16:51 - 2012-06-16 07:41 - 00001074 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1374932667-2535497345-1150743777-1000UA.job
2015-11-22 16:51 - 2012-06-16 07:41 - 00001052 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1374932667-2535497345-1150743777-1000Core.job
2015-11-22 16:50 - 2012-08-20 19:57 - 00000000 ____D C:\Users\Ricardo\AppData\Local\PokerStars
2015-11-22 16:50 - 2012-08-20 19:57 - 00000000 ____D C:\Program Files (x86)\PokerStars
2015-11-22 11:12 - 2009-07-13 20:45 - 00032208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-22 11:12 - 2009-07-13 20:45 - 00032208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-22 04:35 - 2015-09-15 15:05 - 00000000 ____D C:\Users\Ricardo\AppData\Roaming\HoldemManager
2015-11-22 04:07 - 2015-10-03 11:05 - 00000000 ____D C:\Jivaro
2015-11-22 02:00 - 2012-05-14 00:13 - 00000000 ____D C:\Users\Ricardo\AppData\Local\Adobe
2015-11-19 21:34 - 2011-04-12 01:10 - 00747720 _____ C:\Windows\system32\perfh00A.dat
2015-11-19 21:34 - 2011-04-12 01:10 - 00159192 _____ C:\Windows\system32\perfc00A.dat
2015-11-19 21:34 - 2009-07-13 21:13 - 01678218 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-15 20:27 - 2013-08-28 08:04 - 00000000 ____D C:\Users\Ricardo\AppData\Roaming\vlc
2015-11-11 14:46 - 2012-05-14 00:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-11 14:45 - 2012-05-17 15:33 - 00000000 ____D C:\Users\Ricardo\AppData\Roaming\uTorrent
2015-11-11 11:59 - 2014-09-19 13:06 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-10 19:14 - 2012-07-24 07:07 - 00003776 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 19:14 - 2012-05-14 00:14 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 19:14 - 2012-05-14 00:14 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 12:00 - 2012-06-13 06:41 - 00000000 ____D C:\Users\Ricardo\Documents\My Games
2015-11-10 10:36 - 2013-12-20 18:27 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-11-09 13:57 - 2015-05-17 01:29 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-09 13:57 - 2012-05-14 00:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-09 13:56 - 2012-05-13 23:59 - 00000000 ____D C:\ProgramData\Adobe
2015-11-05 02:44 - 2012-09-14 16:10 - 00000000 ____D C:\Users\Ricardo\Desktop\League of legends
2015-11-03 14:03 - 2012-08-01 12:26 - 00000000 ____D C:\Users\Ricardo\AppData\LocalLow\raidcall
2015-11-03 14:02 - 2014-08-22 09:25 - 00001058 _____ C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2015-11-03 14:02 - 2014-08-22 09:25 - 00001034 _____ C:\Users\UpdatusUser\Desktop\RaidCall.lnk
2015-11-03 01:53 - 2013-10-08 17:21 - 00002153 _____ C:\Users\Ricardo\Desktop\vba.ini
2015-11-02 23:43 - 2014-12-28 13:58 - 00000000 ____D C:\Users\Ricardo\AppData\LocalLow\yoclient
2015-10-30 11:27 - 2012-05-15 09:06 - 00000000 ____D C:\ProgramData\Skype
2015-10-29 19:02 - 2015-10-22 09:39 - 00000000 ____D C:\Users\Ricardo\AppData\Local\Equilab
2015-10-28 14:14 - 2012-05-14 03:45 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-10-25 13:35 - 2013-04-01 11:53 - 00000000 ____D C:\Users\Ricardo\AppData\Local\Warframe

==================== Files in the root of some directories =======

2012-06-22 20:02 - 2012-08-06 15:30 - 0000565 _____ () C:\Users\Ricardo\AppData\Roaming\MPQEditor.ini
2012-06-15 08:53 - 2012-12-04 12:43 - 0007704 _____ () C:\Users\Ricardo\AppData\Roaming\Rim.Desktop.Exception.log
2012-06-15 08:45 - 2012-09-30 22:06 - 0002306 _____ () C:\Users\Ricardo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-06-15 08:53 - 2012-12-04 12:43 - 0005621 _____ () C:\Users\Ricardo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-06-15 08:54 - 2012-09-30 22:03 - 0005005 _____ () C:\Users\Ricardo\AppData\Roaming\Rim.Transcoder.Exception.log
2012-08-12 15:16 - 2012-09-30 22:03 - 0016896 _____ () C:\Users\Ricardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-25 08:58 - 2014-05-25 08:58 - 0607664 _____ (Neople inc) C:\Users\Ricardo\AppData\Local\DFOIns.exe
2014-05-25 08:43 - 2014-05-25 10:10 - 0477104 _____ (Neople inc) C:\Users\Ricardo\AppData\Local\NeopleCustomURLStarter.exe
2012-06-21 16:55 - 2015-06-04 00:46 - 0007591 _____ () C:\Users\Ricardo\AppData\Local\Resmon.ResmonCfg
2015-10-22 09:57 - 2015-10-22 09:57 - 0004967 _____ () C:\ProgramData\flwjycbm.bab
2014-12-28 10:13 - 2014-10-29 10:13 - 0000032 ____R () C:\ProgramData\hash.dat
2014-10-09 14:13 - 2014-10-09 14:13 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some files in TEMP:
====================
C:\Users\Ricardo\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Ricardo\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Ricardo\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Ricardo\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Ricardo\AppData\Local\Temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-20 12:26

==================== End of FRST.txt ============================

 

 

Heres the extra file

Attached File  Addition.txt   82.1KB   1 downloads

 

 

Thanks in advance!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:09 PM

Posted 23 November 2015 - 08:16 AM



Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1374932667-2535497345-1150743777-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Extension: No Name - C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\Extensions\firefox@betterttv.net.xpi [2015-10-16] [not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Gun; \??\C:\Game\SoftnyxGame\GunboundLS\Gun64.sys [X]
S3 GunBod; \??\C:\Game\SoftnyxGame\GunboundLS\avital\gunbod64.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {15593FD6-79BE-451C-8AB2-F250D41E0548} - \EPUpdater -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:1jxQHvz6zohXGmjQXSade
AlternateDataStreams: C:\ProgramData\Microsoft:HGD0fqU3lkxh8uZcwDw4ldxfCvr
AlternateDataStreams: C:\Users\Ricardo\Cookies:VnVSKW7JH0sJVPNB4Ds2tX51
AlternateDataStreams: C:\Users\Ricardo\AppData\Local\Temp:8uY8WtlBkfriY5XsoCx2pAH
AlternateDataStreams: C:\Users\Ricardo\AppData\Local\Temp:9oFd9M0Ws2Lqc6ZlW
AlternateDataStreams: C:\Users\Ricardo\AppData\Local\Temp:TClry78dU8LGsxgy6s0fo7Y

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Run this search on the registry.

Please run the Farbar Recovery Scan Tool. Enter Conduit in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

Please run the Farbar Recovery Scan Tool. Enter searchresults1 in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

Post both logs for my review.

#5 geno86

geno86
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 23 November 2015 - 02:03 PM

The program kind of got stuck at some point when i clicked the fix option, it was something on mozilla firefox, anyways heres the log.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:22-11-2015
Ran by Ricardo (2015-11-23 10:30:11) Run:1
Running from C:\Users\Ricardo\Desktop\FAALOUT
Loaded Profiles: Ricardo & UpdatusUser & postgres (Available Profiles: Ricardo & UpdatusUser & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR
HKU\S-1-5-21-1374932667-2535497345-1150743777-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Extension: No Name - C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\Extensions\firefox@betterttv.net.xpi [2015-10-16] [not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Gun; \??\C:\Game\SoftnyxGame\GunboundLS\Gun64.sys [X]
S3 GunBod; \??\C:\Game\SoftnyxGame\GunboundLS\avital\gunbod64.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {15593FD6-79BE-451C-8AB2-F250D41E0548} - \EPUpdater -> No File <==== ATTENTION
AlternateDataStreams:
C:\ProgramData\Microsoft:1jxQHvz6zohXGmjQXSade
AlternateDataStreams: C:\ProgramData\Microsoft:HGD0fqU3lkxh8uZcwDw4ldxfCvr
AlternateDataStreams: C:\Users\Ricardo\Cookies:VnVSKW7JH0sJVPNB4Ds2tX51
AlternateDataStreams: C:\Users\Ricardo\AppData\Local\Temp:8uY8WtlBkfriY5XsoCx2pAH
AlternateDataStreams: C:\Users\Ricardo\AppData\Local\Temp:9oFd9M0Ws2Lqc6ZlW
AlternateDataStreams: C:\Users\Ricardo\AppData\Local\Temp:TClry78dU8LGsxgy6s0fo7Y

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
CHR => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1374932667-2535497345-1150743777-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\9a2ai59n.default\Extensions\firefox@betterttv.net.xpi => moved successfully
EagleX64 => service removed successfully
Gun => service removed successfully
GunBod => service removed successfully
NEWDRIVER => service removed successfully
RimUsb => service removed successfully
xhunter1 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15593FD6-79BE-451C-8AB2-F250D41E0548}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15593FD6-79BE-451C-8AB2-F250D41E0548}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => key not found.
AlternateDataStreams: => Error: No automatic fix found for this entry.
Could not move "C:\ProgramData\Microsoft:1jxQHvz6zohXGmjQXSade" => Scheduled to move on reboot.
C:\ProgramData\Microsoft => ":HGD0fqU3lkxh8uZcwDw4ldxfCvr" ADS removed successfully.
"C:\Users\Ricardo\Cookies" => ":VnVSKW7JH0sJVPNB4Ds2tX51" ADS not found.
C:\Users\Ricardo\AppData\Local\Temp => ":8uY8WtlBkfriY5XsoCx2pAH" ADS removed successfully.
C:\Users\Ricardo\AppData\Local\Temp => ":9oFd9M0Ws2Lqc6ZlW" ADS removed successfully.
C:\Users\Ricardo\AppData\Local\Temp => ":TClry78dU8LGsxgy6s0fo7Y" ADS removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-11-23 10:48:04)

==> ATTENTION: System is not rebooted.
"C:\ProgramData\Microsoft:1jxQHvz6zohXGmjQXSade" => Could not move

==== End of Fixlog 10:48:04 ====

 

 

And the searches.

 

Farbar Recovery Scan Tool (x64) Version:22-11-2015
Ran by Ricardo (2015-11-23 11:00:41)
Running from C:\Users\Ricardo\Desktop\FAALOUT
Boot Mode: Normal

================== Search Registry: "Conduit" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitSearchProtect]
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitSearchProtect]
"PageId"="ConduitSearchProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"09699DDB14539164D9A2C3DD3B1EF5E9"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\09699DDB14539164D9A2C3DD3B1EF5E9]
"File"="iSyncConduit.dll"
[HKEY_USERS\S-1-5-21-1374932667-2535497345-1150743777-1003\Software\Conduit]

====== End of Search ======

 

 

And 2nd one.

 

Farbar Recovery Scan Tool (x64) Version:22-11-2015
Ran by Ricardo (2015-11-23 11:02:23)
Running from C:\Users\Ricardo\Desktop\FAALOUT
Boot Mode: Normal

================== Search Registry: "searchresults1" ===========

[HKEY_USERS\S-1-5-21-1374932667-2535497345-1150743777-1003\Software\AppDataLow\Software\searchresults1]

====== End of Search ======



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:09 PM

Posted 24 November 2015 - 07:37 AM


This should do it.

Copy the text IN THE CODE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files" Once you have saved Right click the .reg file and allow it to merge with the registry.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitSearchProtect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\09699DDB14539164D9A2C3DD3B1EF5E9]
[-HKEY_USERS\S-1-5-21-1374932667-2535497345-1150743777-1003\Software\Conduit]
[-HKEY_USERS\S-1-5-21-1374932667-2535497345-1150743777-1003\Software\AppDataLow\Software\searchresults1]

Restart the when completed.

You can delete the fixme.reg file when done.

===


If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 geno86

geno86
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 24 November 2015 - 10:19 AM

Yep thanks, it worked,  ill take my team to read that later. Thank you so much again!



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:09 PM

Posted 25 November 2015 - 08:04 AM

Glad we could help.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:09 PM

Posted 01 December 2015 - 09:48 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users