Jump to content

Removal of Malware

cnicklin
 Share

Recommended Posts

cnicklin

cnicklin

Posted
Posted

I posted on a previous section of this forum and was redirected to post on this one.  Here are my logs and my pevious thread can be found in PC Help.

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 11/11/2012 21:54:32
System Uptime: 17/07/2013 21:49:15 (0 hours ago)
.
Motherboard: Dell Inc. |  | 0N826N
Processor: Intel® Core2 Duo CPU     E7500  @ 2.93GHz | Socket 775 | 2926/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 189.274 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7.292 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP32: 01/04/2013 21:00:06 - Windows Update
RP33: 02/04/2013 20:58:09 - Windows Update
RP34: 12/04/2013 23:12:08 - Windows Update
RP35: 21/04/2013 21:55:17 - Scheduled Checkpoint
RP36: 23/04/2013 22:45:29 - Windows Update
RP37: 16/05/2013 21:10:12 - Windows Update
RP38: 02/06/2013 16:49:11 - Windows Update
RP39: 12/06/2013 20:27:43 - Windows Update
RP40: 11/07/2013 20:33:37 - Scheduled Checkpoint
RP41: 12/07/2013 03:00:38 - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Additional ActiveTeach
Additional TTPP
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.3
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AS+A2 Biology for AQA
µTorrent
Bonjour
BUFFALO BuffaloTools Launcher
BUFFALO TurboCopy
BUFFALO TurboPC for FLASH/HDD
Bullzip PDF Printer 7.1.0.1218
CameraHelperMsi
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Registration Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
CCleaner
Championship Manager 2007
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CM 03-04
Compatibility Pack for the 2007 Office system
Copy+
Corel GuideMenu
D3DX10
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Wireless WLAN Card Utility
Driver Mender
erLT
Eusing Free Registry Cleaner
Extension ActiveTeach
Extension TTPP
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GPL Ghostscript Lite 8.70
GuideMenu
iLivid
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
InterVideo WinDVD SE
iPod for Windows 2005-09-06
iTunes
Java 6 Update 13
Junk Mail filter update
LeapFrog Connect
LeapFrog Tag Plugin
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Internet Security
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft XML Parser
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center 2
Nikon Movie Editor
OGA Notifier 2.0.0048.0
Onzo Uploader
PC Connectivity Solution
PDFCreator
pdfforge Toolbar v1.1.1
PeerGuardian 2.0
Picture Control Utility
Planning and Personalisation Tool
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Roxio Update Manager
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Driver for Mobile Phones
SamsungConnectivityCableDriver
Science ActiveTeach
Science AP
Science TTPP
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Segoe UI
Shared C Run-time for x86
Skype Click to Call
Skype™ 5.10
Spelling Dictionaries Support For Adobe Reader 9
swMSM
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Twenty First Century Additional Applied Science iPack
Twenty First Century Additional Science iPack
Twenty First Century Science iPack
Ulead DVD MovieFactory SE
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
uTorrentControl_v2 Toolbar
ViewNX 2
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
WinZip
Yahoo! Install Manager
Year 7 ActiveTeach
Year 7 Activity Pack
Year 7 Assessment Pack
Year 7 Planning Guide
Year 8 ActiveTeach
Year 8 Activity Pack
Year 8 Assessment Pack
Year 8 Planning Guide
Year 9 ActiveTeach
Year 9 Activity Pack
Year 9 Assessment Pack
Year 9 Planning Guide
.
==== Event Viewer Messages From Past Week ========
.
17/07/2013 21:53:54, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
17/07/2013 21:52:57, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
17/07/2013 21:52:38, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
17/07/2013 21:52:31, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17/07/2013 21:52:25, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
17/07/2013 21:49:52, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The service has not been started.
17/07/2013 21:49:51, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache spldr Wanarpv6
17/07/2013 21:49:50, Error: Service Control Manager [7003]  - The Network Location Awareness service depends the following service: NSI. This service might not be installed.
17/07/2013 21:49:50, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
17/07/2013 21:49:49, Error: Service Control Manager [7003]  - The Workstation service depends the following service: NSI. This service might not be installed.
17/07/2013 21:49:49, Error: Service Control Manager [7003]  - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
17/07/2013 21:49:49, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
17/07/2013 21:49:49, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
17/07/2013 21:49:47, Error: Service Control Manager [7003]  - The DNS Client service depends the following service: NSI. This service might not be installed.
17/07/2013 21:49:47, Error: Service Control Manager [7003]  - The DHCP Client service depends the following service: NSI. This service might not be installed.
17/07/2013 21:49:46, Error: Service Control Manager [7003]  - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.
17/07/2013 21:49:46, Error: Service Control Manager [7001]  - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error:  The dependency service does not exist or has been marked for deletion.
17/07/2013 21:48:38, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The service has not been started.
17/07/2013 21:48:37, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Workstation service which failed to start because of the following error:  The dependency service does not exist or has been marked for deletion.
17/07/2013 20:10:30, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
14/07/2013 13:12:21, Error: Service Control Manager [7000]  - Th§žšniØ°X¼iØ€ný'1¢k*¤ñ†ý»û þ„"혥°³ZLó°lámØpà'ë}ܨDÁì«`}‘b¾¨/çÛMœë.àj šÎ1=Õ=“rÍ^ÊÐôòFã±T7é–¼¤Amù‹nA(ÌQ y_Dù'úòUkï¡F ª hóæ•f²ß˜¾UUHßÃå#Ô—D>Û-¬U®²/k§R»oþƒPxo† í^QÂîwðÞA­Dñ£

 

dds:

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 10.0.9200.16635
Run by Carl at 21:55:44 on 2013-07-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3317.2796 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
uURLSearchHooks: <No Name>: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge toolbar\SearchSettings.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20121117142350.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge toolbar\pdfforgeToolbarIE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: <No Name>: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge toolbar\SearchSettings.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge toolbar\pdfforgeToolbarIE.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Adobe ARM]  FILES\ADOBE\ARM\1.0\ADOBEARM.EXE"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [APSDaemon] .EXE"
mRun: [broadcom Wireless Manager UI] DOWS\SYSTEM32\WLTRAY.EXE
mRun: [buffaloTools] c:\program files\buffalo\buffalotools\BuffaloTools.exe
mRun: [dellsupportcenter] TER
mRun: [Desktop Disc Tool] CHER.EXE"
mRun: [GuideMenu] U.EXE -HIDE
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Microsoft Default Manager] AGER\DEFMGR.EXE" -RESUME
mRun: [searchSettings] GS.EXE
mRun: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE
mRun: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE
mRun: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE
mRun: [mcui_exe] KEY
mRun: [Nikon Message Center 2] KMC2.EXE -S
mRun: [Monitor] ITOR.EXE"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] ESHELPER.EXE"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}


DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll




TCP: NameServer = 192.168.0.1
TCP: Interfaces\{33585A1F-6F5D-48E9-A812-384736288978} : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 bftpdskc;BUFFALO TurboPC Cache Filter;c:\windows\system32\drivers\bftpdskc.sys [2011-3-14 39680]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-11-11 565888]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-11 210608]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-11-11 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-6 172416]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-11 363080]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-10-23 81920]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-22 167784]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-22 167784]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-22 167784]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-22 167784]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-11-11 203840]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
S3 bftpusbx;BUFFALO TurboPC USB Filter;c:\windows\system32\drivers\bftpusbx.sys [2011-3-14 10624]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-11 60920]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2012-9-28 19456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-16 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-3-22 36608]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-12-22 146872]
S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2012-11-11 203080]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-11-11 235264]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-11-11 65928]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-11 92632]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-3 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-11-14 1343400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
S4 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-22 167784]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-07-17 19:04:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-17 19:04:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-17 19:04:47 -------- d-----w- c:\users\carl\appdata\local\Programs
2013-07-17 18:06:44 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2013-07-17 17:59:37 -------- d-----w- c:\program files\CCleaner
2013-07-17 17:22:19 -------- d-----w- c:\users\carl\malwareBytes
2013-07-14 10:01:17 -------- d-----w- c:\users\carl\appdata\local\{D4A78792-DA37-430E-BC1A-58988F7301EA}
2013-07-12 20:19:59 -------- d-----w- c:\users\carl\appdata\local\{D620D457-4A71-473F-A91F-DB0C1FE10FAF}
2013-07-11 18:47:24 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 18:47:22 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 18:47:22 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 18:47:21 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 18:47:19 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-11 18:47:18 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-07-11 18:47:18 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-07-11 18:47:18 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-07-11 18:38:11 -------- d-----w- c:\users\carl\appdata\local\{4CD98D83-48E6-4EE1-8BE4-CC2A6E0063A5}
2013-07-10 20:12:18 -------- d-----w- c:\users\carl\appdata\local\{65381A02-25B3-46FB-B677-6C2332210DC1}
2013-07-08 19:30:06 -------- d-----w- c:\users\carl\appdata\local\{0EA9F6D0-C2CC-4FFA-A041-BD7C6B266673}
2013-07-06 19:02:37 -------- d-----w- c:\users\carl\appdata\local\{8051F50D-6C5D-4D2D-9435-7D4D1C4EF6E7}
2013-07-05 21:18:10 -------- d-----w- c:\users\carl\appdata\local\{267A3D70-1BDD-4539-B48F-52C12D848448}
2013-07-03 19:07:51 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-03 19:07:51 -------- d-----w- c:\program files\iTunes
2013-07-03 18:57:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-07-03 18:57:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-07-03 18:57:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-07-03 18:57:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-07-03 18:57:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-07-03 18:37:54 -------- d-----w- c:\users\carl\appdata\local\{56C0EAEE-0805-486A-A4C5-CAC4518F0E59}
.
==================== Find3M  ====================
.
2013-07-14 10:17:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-14 10:17:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-06 19:15:05 523685 ----a-w- c:\windows\system32\~.tmp
2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-01 02:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 02:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-26 04:55:21 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- c:\windows\system32\d3d11.dll
.
============= FINISH: 21:55:49.19 ===============
 

Link to post
Share on other sites
  • Replies 73
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hello and :welcome:

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites
cnicklin

cnicklin

Posted
  • Author
Posted

Hi Thanks for your help.  I have tried to remove the programs you mention but my machine is stopping me from doing moty things so I ended up having to just delete the directories (If you can tell me of way to remove them from my list of installed programs I will do it as I don't use them).  Please also note that I had to run all of the tests in 'Safe Mode' as my machine would not let me run them in normal mode and I have no access to the Internet so could not run Step 6 and could not update Malware in Step 3.  Here are my log files:

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : Carl [Admin rights]
Mode : Scan -- Date : 07/18/2013 21:11:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤
[Rogue.FakeHDD] explorer.exe -- C:\Windows\Explorer.EXE[7] -> KILLED [TermProc]
[Rogue.FakeHDD]  -- [x] -> KILLED [TermThr]

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0xc000035f] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM
 x:\Windows\system32
 
-> D:\windows\system32\config\SOFTWARE
 x:\Windows\system32
 
-> D:\windows\system32\config\SECURITY
 x:\Windows\system32
 
-> D:\windows\system32\config\SAM
 x:\Windows\system32
 
-> D:\windows\system32\config\DEFAULT
 x:\Windows\system32
 
-> D:\Users\Default\NTUSER.DAT
 x:\Windows\system32
 

¤¤¤ Infection : Rogue.FakeHDD|ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 5b59486f2e431819d11fc32fa3a34213
[bSP] 346b64ba3606b9c23b53a66f6abcac30 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 595056 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 8e95ef4d5f1e35824be944745423dd2a
[bSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1935 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_07182013_211121.txt >>

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.01.01

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16635
Carl :: HOME-PC [administrator]

18/07/2013 21:14:54
mbar-log-2013-07-18 (21-14-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 261684
Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Home Premium x86
Ran by Carl on 18/07/2013 at 21:25:11.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\bandoocore.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{1301a8a5-3dfb-4731-a162-b357d00c9644}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{4d076ab4-7562-427a-b5d2-bd96e19dee56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.bandoocore
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.bandoocore.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.resourcesmngr
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.resourcesmngr.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.settingsmngr
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.settingsmngr.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.statisticmngr
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.statisticmngr.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{826d7151-8d99-434b-8540-082b8c2ae556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{06de5702-44cf-4b79-b4ef-3ddf653358f5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{477f210a-2a86-4666-9c4b-1189634d2c84}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{6f43fa77-c18f-4d0c-9c7e-958876fe2061}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{df948646-8bf4-450e-a059-cf8a4e0fe2be}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{e96b49b0-e11f-48fc-984a-eec29a4f57e1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{ff871e51-2655-4d06-aed5-745962a96b32}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{11549fe4-7c5a-4c17-9fc3-56fc5162a994}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bandoo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\searchqutoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\internet explorer\lowregistry\search settings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilivid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a6eb8fe4c9986914497e92c7f5a702e3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a6eb8fe4c9986914497e92c7f5a702e3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\internet explorer\low rights\elevationpolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\internet explorer\low rights\elevationpolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\internet explorer\low rights\elevationpolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\internet explorer\low rights\elevationpolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2861330F-A898-4533-A61F-580C286FA032}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\softsafe"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Carl\AppData\Roaming\bandoo"
Successfully deleted: [Folder] "C:\Users\Carl\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Carl\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Carl\appdata\locallow\bandoo"
Successfully deleted: [Folder] "C:\Users\Carl\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Carl\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Carl\appdata\locallow\pdfforge"
Successfully deleted: [Folder] "C:\Users\Carl\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Users\Carl\appdata\locallow\searchquband"
Successfully deleted: [Folder] "C:\Users\Carl\appdata\locallow\utorrentcontrol_v2"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\Program Files\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files\ilivid"
Successfully deleted: [Folder] "C:\Program Files\pdfforge toolbar"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ilivid"
Successfully deleted: [Folder] "C:\Users\Carl\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{00AF1492-C794-403E-BF8D-8C3E39FA67F3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{00B0DD15-E1DC-4176-8F54-13E22C5E21D5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{00C418EE-7BC2-4DE1-93A1-9885DE1D6E3F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{01D1A67D-BEC9-406B-B112-E37699D9F803}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{01DF240B-E741-4B8F-8B9E-49A640A6148D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0202D55D-1E72-44D5-BCB6-09FF19CAA9DB}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{036403AB-5564-47EF-B409-DC99D0F5D22F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0370BDBA-7A84-446A-97F6-C505DD0DD5E4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{03C07116-FF74-4780-96D4-F7267FE184A9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{04C89EE5-0E4A-4E93-A881-BDA3D70A61BD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{04FDFDD6-4285-49F8-97E8-81DA7BBBE63E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{05BDC1C2-5C5A-4ABC-9707-5AAECE70B3FF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{05DB5FF7-6F4C-4133-82A2-C47A88C44AC8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{05FC5D04-86C1-4F3E-889D-AD428E599C5C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{06541D0D-901E-488D-9AA1-DCFECF0F25CF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0655D1E3-5878-4A7F-A113-092D30BD7FA1}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{06D7CE7D-7FD3-44CD-B786-A32E15B8BD5F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{074AB036-FCA4-4273-96FB-2601EBB79FB9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{078E2D3A-56B6-4390-8F9D-06FBB22E36DF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{07AD2EAB-88BE-4EFB-8C04-362E1A7212D4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{07D6D90E-B892-411B-9D81-AAD21045A23B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{07F6FA19-8D59-4DC6-B589-87A0E42A4461}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{08244F41-4BCB-4CD2-9271-A82C7564808F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{08B2638D-3EC4-4777-A318-45EE9FEBABDB}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{097F306B-40BC-41DE-96CD-3BD121E51E62}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0A307285-462B-4D8C-9F0A-CBBA16B0FDD7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0A6023D6-BF21-4605-9C57-385DFF57A3D0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0A638EA0-A1C5-4AB6-8511-85D21A2110C3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0A70C7FA-1560-4E65-8BB1-9D28866C2B0B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0B419A2C-BB57-4E81-A7D5-014C4FF9C671}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0B6DE4EA-D21F-4329-819E-4163338BF6FE}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0B72553C-7DC3-4519-8A1F-B0343409C07F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0BEBF15E-EF4A-497A-AD6E-F660B240B2B5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0CFFD02B-2284-4E02-A245-F8FCF66AAE40}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0E246E9D-D29A-42CA-AC94-1FFE2FB8DFC6}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0E7FC65F-8FEA-4415-A327-7753A620483A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0E8DAE8C-FA69-4635-91D2-F9550C3DBDAE}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0E9331BA-5100-4E34-9FCF-8074C852F3AE}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0EA9F6D0-C2CC-4FFA-A041-BD7C6B266673}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0EC0DEF8-F3FF-47EB-ACB2-16DCCD76FD3F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0ED1CE1F-55D0-4AA5-AEAD-C2D06FDF00ED}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0F10545F-6A30-407F-A9E7-E7169376C90D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0F10E09F-4699-4216-8667-EE0A1ADC677A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0F71F494-0031-4472-832A-430E4637C48F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0F952D30-DD34-4AC6-BCA7-1F3F6AA939E2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0FB1DC9E-EF8B-4B50-A1FF-F1014E1EDC28}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0FE7C5BF-BD62-4EFF-89AB-FF31A1A45A88}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{0FEFE9FF-8B80-4E88-A021-D76121B009D5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1064B377-4634-488A-BFDE-0953C3243707}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1090C283-0D27-44A0-A489-F537417028CF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{10A29010-C2D7-4481-8FFF-5274656DBC44}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{10BCA7FD-1C73-4A13-A870-9A9FE5CFA7FC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1274A7B7-12E2-4658-AC43-340388CAC1AC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{12A5A7BA-33AF-442C-9B5E-BC1F190A868A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{137630B0-8A01-4D13-A453-7BAE44456BCC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{15503124-8B46-440E-A8D2-6A6DED6E0247}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{155452F4-1D73-420C-B222-B7AB92ADFC92}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{16119018-7CEC-4EDE-889E-41B75B96434E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{173D2881-011D-4401-9B17-33B34F67C3D2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{17996014-C13A-42EA-9800-F1BB3C7FBFA9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{17BA0327-3009-4A8B-B8B7-879B70720053}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{17D483F3-FDFA-472E-A588-9360D3A101E2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1827B54D-D556-4991-AB65-9DECE8F448AD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{182F2E21-C5CC-49F9-AF8A-799F287D9898}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1929F3F7-A14A-4D83-AFE4-AA0D1F6CC146}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1AC7954D-46EE-4F24-85A6-DD322E80C146}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1ADF5015-29AD-4B80-AC0F-CD888457DDF9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1AE84C4B-6E74-4530-95DA-C34F9F73558A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1B2CC84D-CB6F-4804-A37C-647194C8BBE5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1B4D590F-CA1D-48AE-AC43-F066545DAB66}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1B534AF4-9A8C-493A-84F2-2C7D7FC9C426}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1C12806E-A98D-4615-9C2E-96FE0B99714C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1C623139-8410-4553-8686-5D3EB3B31EB7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1CB3C60F-704E-4CA2-9AEB-095EF99DA47B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1CB59C6A-B1D6-49FB-8D8B-83773250A989}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1CC5D91A-542B-4F24-BE1F-8D6AFC880B9D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1D202E26-1FFB-4E4D-8501-0E9AD25EE030}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1E21D017-76FD-4996-B104-BB27875F1F68}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1EACEF73-5E8D-4663-A582-AD2DE9E254F9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1ECC6935-FB85-4AF2-B20F-251C7931396A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{1FBBBFC4-2154-4C48-91EE-CFAC96DFE30B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2061C090-3327-4E79-9BA7-8675CA5B9351}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{210CCAC7-8816-48AC-9D19-3EA3D6BCC277}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{214547C1-7AA4-48D2-84CC-F58B41FD15EC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{21A6066C-DD5A-45CB-ABEE-33CD21AD2409}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{21A6767D-3F75-4B5D-8D4E-A911DA21711C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{22264AFD-2760-4FDC-8D6E-87AD9BBFD55A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{227D89C9-40E1-4D69-B7C4-CFB58BF02849}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{22E90501-2ACC-44F6-B1A9-C0FB9A4F8A26}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{22FE782A-A326-4072-910B-C0BCE55FD8D0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{23530D0B-DE08-4697-AF68-812A081DF216}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{23AFFC1D-AF44-4471-B3E6-0A6666576F6B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{23FB6D6F-EAA5-4950-AECD-E4C446898443}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{249184B7-6F21-4946-A99E-E80CB3E7630D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{25207F2A-FBAE-4DBA-BDC7-C54426A25F68}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{25F1CA9B-5ED1-4DE0-9A62-95DBCBFCEA05}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{26219D62-E289-4528-ACA8-678CDC35C7F5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{26478CB6-9327-419A-AF91-16025FD9695F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{267A3D70-1BDD-4539-B48F-52C12D848448}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{26A574E8-BD66-4D99-89F5-331D603E485D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{272F5A19-E1A9-498A-846D-A2244290C3D4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2768C024-DBDF-45C1-BE4C-593EB7549FED}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{27BC7168-A88E-41EC-9A59-4570EB006264}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{280E4D65-288C-4A86-BE6F-D184F19CAD42}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{28963C5F-8ACB-4B14-8B52-A0106A1CD109}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{28F749DB-8F85-486E-80E3-5DEFB032D69E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{298AB9CD-802B-49EF-859C-C3D3DE43A276}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2A0C483D-4D6A-4632-B99A-D5667C4D9A87}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2AAD69ED-CC6F-4919-AD76-E98EA25E30F8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2AED12BB-DE07-49EF-A38D-98857546C889}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2B1C25DB-8E84-4680-B661-193FB73550ED}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2B1D7152-CF68-4394-9AC4-1D2184E8A36A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2B279C40-BA1E-4153-8A75-56DCB0EF412B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2B8C9D13-53F2-4F2F-B240-505935580F36}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2C86DAE3-E183-4CB9-B3A9-074CADBEB9B3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2D357DC7-51DF-4EE3-A40E-F991788AEAA8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2E734C1D-8699-4CF2-8CC8-AC9B4E27C31E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2EEB6920-B5E9-49F9-AB58-7870A6E40EA0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2F76D12F-C051-4D67-BAAF-0DC819A14FA4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{2F7DF8FE-D28B-42E8-B6A3-0128C9C1A21F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{30071E2A-980C-4BB2-B225-C2A23CF07C5A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{300DED01-CE83-45BB-9592-E33B99A7B153}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{302B26B7-C971-47B6-8191-0912B9C03CA0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{30541870-F910-44D3-A568-6927DDBBAF38}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{30805138-DE78-4E53-A9BF-C15C67424C6B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{30A64A1E-8376-440D-B185-72A0C41053CC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{30CFC646-635E-4CCB-884B-74D8A119C546}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{31507907-42FD-40E9-8B75-9D569D7C7D30}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{316A3F90-7645-4694-BA2C-2E67E6EF95E8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{33D609C1-6F3F-4541-9C1B-69CFE1341E69}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{33DE8D3B-9A3C-4102-9287-3E16FEF931FE}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{34546FE3-B215-4341-8FCA-E06BDE5BD8E6}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3481B76B-EB1A-497B-AD69-5CC19D36F178}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3485802C-4AAF-426A-9CD9-D746AE2D6351}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{34B7BEAE-0C4C-4926-AE46-30748F3486FE}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3523DA96-C4F7-4E77-9F97-41290625CEC9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{35C48447-1F1D-4537-B440-02819281AC53}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3660664F-EFB7-4D85-9E3A-0253A57B7440}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{36AF0869-2E49-4ADE-B451-9015F7815A3D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{37085541-B804-4CFC-AF7F-77D8CF096545}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3741214E-2689-4D4C-89E2-175914C93C89}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{37A5D556-B08D-4614-8B24-FA9EC5CC4257}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{37CC9396-AD89-43E6-B96F-A54D9F1CB406}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{387DC8C5-0B93-4328-AD37-9AB5A3D9A01E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{388393B7-687B-4B2B-80DA-FF4DD8098745}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{395BAECA-2C83-44F6-89D8-117A59B8654B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3A2CB8CE-96E7-4984-B79B-21273E7E2121}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3A9703CE-CEDC-44D0-B3B9-C60C21641AB7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3AD36F5B-52E9-460D-9255-E5842EF62A35}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3B17CCCC-9771-4133-9FA4-C2FAA6D8DFDD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3B39ED50-C457-4D84-8527-296DAD4BB74C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3BE786A8-4CE3-44E9-8ECC-BD969AF2FFCE}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3C5BBE09-E42D-4C66-914D-34DD5DC7E3C1}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3D0721D9-BE37-4EE4-B2A6-1D31DD2ADD74}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3DD9E64A-CBA7-4C3F-B48A-8666F82E35EE}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3DDA13DC-78DD-4055-9AC3-EFDB7B7FC87D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3E57E262-1547-447D-ACFA-544C3CCAB020}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3E989B8E-F6E8-493D-88F5-259B53833772}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3F17EB9D-2509-4440-AC87-6A14B72D9774}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3F4E1F3E-72D1-4880-8AF0-8471E58672DB}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3FBB988E-427A-4EB8-94F7-0A410534B8A9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{3FF0116A-80C8-4C3B-B999-BE14A3049A24}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{40F33FCF-4ABE-413F-AA7B-83D21EF08B5A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{418C9731-12D5-4C8F-A9BC-FD00BF7A9A00}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{41B0D0FC-A1F7-45D5-83ED-FEE2A7CA935F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{41D8FC27-3FAD-4A5A-87D8-AFA36161ED9D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{41FCF750-E886-4CEF-A060-C47ED6FD7856}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{426B1B72-1B0F-452F-8904-FC1F913568D3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{42A55D1F-05B2-4582-8D94-575A99D1C062}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4439FE8D-34C2-489B-A11C-469992CBD519}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{446F796A-96F8-4742-AE41-FDDD1B9E6EB3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{447A97E4-DAEC-4648-B6F4-B4653DA6DF0D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{44C77FBC-4B5E-4939-A3C4-0D5C9CEE8896}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{44FDF1B5-4E87-4893-9F16-7DBF39614B27}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{458D2109-10CB-451B-A502-B896DA8AEFBA}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{458D8046-262A-4E86-A07E-0A53F75DC23B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{468A362F-CE10-4A44-88F0-C72B36F19C92}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{46AA1BB7-13B7-4D22-8F99-B1D2D3A5EA49}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{46DBA621-7811-488E-B983-B65241BF8933}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{47127422-10DE-4131-BDA4-6899397A0C39}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4735DA9A-4203-4494-AFA9-C0288DE662EA}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4739D865-1C0C-40EF-8DA6-5BD0EDDC92D9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4826CE8B-C26D-486B-ADE5-74FC827B851C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{484363AE-6D7E-4E81-A6CA-B3AC3F975A5B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{49A08F31-FBFA-4D03-B87B-BFDDA497462C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{49C9E220-379D-4F7F-8D54-A37DF712426C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{49CE5948-945C-44FB-9137-FBDC58318095}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4B0997F5-7635-4EA4-BAEA-C70B18CCDAEA}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4B62DB61-D58F-4C9E-8A99-6D6ACC369F36}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4BA554A6-5CF4-4B76-92F4-50A829134FEF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4BFFD522-CB3A-4F5C-8639-2B7EBB094057}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4C0D8ABB-80FB-462E-AC20-4CC06BD66A10}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4C8C4099-2C0C-407E-9FD4-B6F6A2C3E209}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4C963E0F-6CDA-4867-81D9-B18F3C9061C2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4C9D532B-2B9A-41C1-9DD7-2B14649B5B67}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4CD98D83-48E6-4EE1-8BE4-CC2A6E0063A5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4D3FB91B-9B22-4D5A-8C3B-7DB038438DDF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4D472884-05CC-486C-AF61-E683907F3023}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4D9B2CAB-3E15-4C80-AE52-F0EB43E53D97}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4DC17F70-E09C-49A5-8854-DD3061FD52B5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4DC57009-9F30-4D4D-B74C-7E570BAC82C9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4F42837D-21AB-4A0B-962D-9E5420701126}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4F57E01B-2D52-4227-BC0C-76233A4EA531}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4F8F962D-7551-4541-8B28-8B90CF5B9FD4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{4FEADCB6-D9AB-4B3C-8C7A-CE53DC94AF87}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{50761103-C73B-4196-B807-EE6FA3E84E65}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{509FEF42-0126-49B0-9274-DF2A16211046}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{51939E30-D7AB-4C54-8738-6C43290C7DC5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{51B248D0-B7F7-4192-8497-6D882FA62DCC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{51D2D57B-74FA-446C-B5A1-81A280E4CD37}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{52A579B4-71A6-4B6F-8B4E-91A1E9434E0E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{52CE8E67-8EDE-4F39-B4A4-DBFAEC8B636E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{52D62201-34A9-4674-B4F0-344C9C6FB5A3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{530CA413-F111-45BF-8206-C1A8AA6A39E7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{535323C5-AC35-41B4-8006-A35035118256}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5391909F-CC7A-47DE-9EA9-E05C3E3EDD71}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5398D3B8-BACE-4134-A25A-673CAE05616A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{53FBCEDE-D561-4A34-917F-51CB9EB838E2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5467AC52-360B-4382-BED7-B15D64B38EFD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{54ECA018-510B-49B5-A3FC-2822199B54D2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{554C2AAA-AFF2-4595-869F-CFBBC04BC000}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{557F5CFD-F14E-4B3E-8838-78300F87D985}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{55DC98C9-7CEB-40C4-9800-C2C3A11973E1}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{55FF102B-61C8-44BD-801F-C02516AB9812}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{56027730-BC20-4FD1-9BED-5FAD9765773A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{564A3A6C-254B-4818-B71C-F501D70284AC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{56C0EAEE-0805-486A-A4C5-CAC4518F0E59}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{56CE8E60-9CB1-4B0E-918E-77B59403A2BB}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{571D1904-C20B-4093-B17A-37FF771F4B6F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5735BBAA-C2A1-4BB5-A734-4E32CC3DACCA}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{578FF301-1E6B-45F4-9246-AD27238839D6}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{57B5D941-6D1B-4345-8E39-7BCAFCCBB368}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{588C48BA-7C38-459B-B42D-C4A78E2DA001}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{58B7CAE4-FBE7-42B1-90EC-1D30A8E54E1F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5943404D-0C99-47F3-9292-AE2C24B8B121}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{59515350-5E3A-4AA3-8545-55E213535944}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5953D09A-219F-4D68-87B0-949437A2C772}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{59BD8CE1-8265-47C3-8E57-9874372E4C5A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5B09EF6E-3E06-41C8-B676-355FAEA30F98}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5B59C0E0-8C68-4E7E-9FB2-780A61EC5D84}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5C22771B-9CEC-478D-8414-65063132D003}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5C438910-D35A-45A4-B18F-B175ABFEBABD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5CA40AF5-5335-4148-A672-8550FEC8F330}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5CC1AC3B-33B4-4FC9-ADD5-3D28AF6BFADD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5CC37FD3-6F09-44C4-BB46-579DA242E5C7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5D1379FF-60FA-4C15-A9B6-321012F007B1}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5D199810-6708-4110-892A-A213EA8CD023}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5DBFB4E8-84A5-4D83-BF76-4F67E317E88F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5E40B1F2-E619-4725-9EB0-B547E4298BAE}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5E53F95C-8456-4172-90E8-40AED41D3603}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5EE49E1A-3139-4A54-AC68-731651684BEF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5EF9924D-F235-42B4-B7DA-7B4A7D505339}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5F57B56E-50E7-478D-9EB8-5F1CF74060E0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{5F6A60AE-A632-4AD4-81C1-C940897E87A6}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{60036EAC-E746-48DD-B027-E366CD2EE07E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{60607148-7EE4-476D-8215-24EF4814619E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{60A36813-E7A0-4C92-81A4-0AF6A6477600}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{60D7798A-D05A-4F71-AFB7-427758FE0E3F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{60FCDDA7-FEC5-4E6D-BB6A-2A51C417C23E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6158608E-2F3B-448A-90B3-B0DE03B93671}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6202E275-F939-4601-96FD-40A997D8F474}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6274381E-4F97-4F60-83A0-7B7D78698028}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{62C895BF-C939-4083-863A-D474AAD6D3F7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6324A467-0F84-4A5A-942F-56060917A54E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{634C03BB-EC60-4CB3-84DB-FAAE0DA7D179}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6368CC94-AC0F-47D1-83A7-F7473438D579}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{637F1F07-CB0A-449C-83C4-51A88C426A93}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{63C4D97C-D594-47E1-9A62-A577E45CAF52}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{64362822-FB11-4374-8BA8-AEE3BB33BF2D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{643DBE20-1FC5-4272-8C5F-E5595D945B48}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{64471AA5-AEAC-4555-96F1-B256C62EB53C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6447AF2E-DCFC-4F8B-8DB5-0B3E2EAA23D5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{64684AB0-6565-43BB-A04A-A2F659A5F2A2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{65381A02-25B3-46FB-B677-6C2332210DC1}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{65A6322A-943D-4353-BFBF-BCB7C81727A4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{66493953-1FFE-4B3B-8DC7-570E5535C8F3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{666376EB-C2C5-42A4-ABBE-531A30FAD815}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{66BC9B22-106B-4F8C-BD2C-7D3F0BE9787E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{66D0B829-4025-4A67-8358-ACB70A7BE3E4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{66F00F94-8EC2-4F39-8771-D5C65E6DED2E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{67241A0C-B43F-47B7-A013-EA7FF7BCBA02}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{674262D9-76CC-4F81-8561-1185D02EF8E5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6842C2D7-84FA-47AE-A742-87E917C1DDC7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{68A61476-F6F0-4B07-A72B-4D598C8271E6}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{68C3629A-C1FA-42B4-8EB3-313F9663D428}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{68FA3C08-F412-4A6A-9BF6-B5EB1D8C031E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{69255556-8819-4A3A-97BA-7854400B017B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6938A75F-C950-4540-B77B-6E6AB4ADDB11}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{69EB111B-A508-4543-992E-10D2499C6669}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{69F1967D-473C-4C72-A447-770698D23411}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6A13C865-915D-4763-BE70-E3307A892F7E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6A753ABF-4D9F-47CB-AB58-D5D5D13F7CB7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6AA6BA1A-9DB2-4B57-8468-48AD5ACE3754}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6AE87287-EEAD-4404-9444-91B40B268285}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6B9BFBAB-CBF5-4830-9837-B81C67DE0ED5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6BE2D809-17F2-4346-A7D1-2CF41EF74911}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6C0999C2-4A0D-4A3C-BF59-421680C2A1A8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6C55BC88-AAC2-4260-8D2C-683D9AFB7907}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6D870610-5D7B-4132-9277-BC2ACE33517E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6DEA02A4-7D01-419F-967D-7DC8195CE5AB}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6EEF7660-9DB4-407C-8ADC-DD079D5D7CE9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6F346D9B-EC60-4C19-99CC-CC1F92A10C83}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6F6CDEBE-B63E-4D77-9585-4818E0F9DA70}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{6FD06336-B68F-46CE-A419-AFC055ED2402}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{70E9E9D4-621E-4B14-899E-925EA18527E0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{71B10C69-1C96-4EE0-A96F-713BCAA9BC68}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7233F078-00E8-4DE3-9DD8-5CDC0C12198A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7259894D-377B-4E31-8948-7CD8E04FF8A7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{725C4BB7-3E58-4B65-A6B3-320A54A82708}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7269B972-DB50-4347-853B-2C2CE4BB312B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{736D9EBB-AC3C-4A52-95C7-2AB376A6ECC9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{736DCBD7-C1D6-4A24-80A8-025ECEB3A3C0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{74266AA0-6D1B-47E8-9809-15811F35FF18}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{744653F7-FA9D-413A-9021-68FE71379D72}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{749C2494-2F82-4E11-8A72-AABF87076A3A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{74DB28FC-6939-4ABD-864F-B1A21C999965}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7541936F-8120-4751-B980-7949C44AB1B8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{755A49BD-4B38-4361-B76F-8A0FFE1D1943}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{75A5263D-630E-4968-922B-5FE7315EFEBD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7621FA34-AA4A-442E-A092-0B29C233B3E3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{76411C4C-F00C-436F-A7D0-69D6A4EF8830}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{76B06EFC-AF38-4DEB-BBA5-CC16B6F8C781}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{76ECA633-2873-443D-BC84-14A4D0081B24}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{76FDD3A3-4CD5-48CA-85B3-2E1534FCD038}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{771B20C0-915C-447E-B22F-7AFEC7A80950}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7769B92E-859B-424C-99B5-96FCA5599D82}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{78AE143E-7383-41A4-A3D2-4AFFA9CFCB11}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{78C1B037-695E-49B8-8C0C-9106D0896611}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{78D6D988-DC1D-41BF-A125-2EDB144E2CF4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{794CCCED-5A4E-42A2-BE77-875F17C1164D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{79867DF6-9BDE-48B9-896F-49EF5E3F4610}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7A03C084-40E8-44BC-A456-A8B8B3CEFC5A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7AA4579D-9420-4A76-A5BD-A7D045881046}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7AD748AC-C207-461A-80DD-894FFD5CB56E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7BB7C557-FAA2-41BE-B386-9E304EB24501}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7C0108C3-2BA8-413E-AA69-374D03021E0F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7C568E05-0505-45B4-8C4C-A761BE1E1CF8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7CF30FB0-599A-40C1-A23C-E564E1560F5B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7D33DE66-BA4E-4BDF-BC48-9547F9D96285}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7D706100-8174-4F6A-9211-7337B89474B3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7DA7604E-B4D5-421F-823B-4BF2F6C8160C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7DBB840E-6572-418E-B260-798326637643}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7DFA6593-2D84-4041-A0A7-E2B43DD428FF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7E0BB4A3-9982-4C43-BD25-88E330E8FE92}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7E4A7FC5-9FBF-440D-9C6B-09659DA13077}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7E655F68-DED7-4097-B9FA-74801F25645D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7F389A76-C210-4B7C-8898-F3A58CADE20B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7F46D4DF-D9AA-4942-8F58-EF742A0605E4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7F8DBED5-C9B2-4942-ADA0-5C5BAF3222E4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{7FF67F15-AE20-4FD8-85F7-69C401BAE01E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8051F50D-6C5D-4D2D-9435-7D4D1C4EF6E7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{815A86E3-F615-4076-920E-9AEC26E34E4D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{81618C04-8243-44D8-A218-0026C8CDE74B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{81B00045-CC1C-4A38-9812-99D116994AE6}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{820642A0-814D-478A-B52D-319EBEC8262C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8216215A-558A-455B-9438-B19EF4110338}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{83B60EC9-BCEC-4625-9672-52C6F1B30495}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{841C4F5E-9B6F-4EE8-AAB6-1C14F54FE940}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{843229A5-7643-489C-B1D6-B79846F2B582}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{846B997E-779A-43B6-B767-FFCE19E89518}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{84760362-2502-4819-ADC8-2C03CFC186B7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{848A49C9-0028-4B94-92D6-C918D3EE7FED}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{850BBA48-E52E-4F8D-BC7E-78DF75AE0E7D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{864C0B9C-6780-42A8-A0EE-75E5151ABB6B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8782746B-5318-4E06-AD63-2B8AD03A7C90}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{88514983-70A4-42A7-BB8C-60BC9F334850}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8890E51B-6F79-4A0A-AC15-2D404658F26F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{88A808FB-23CB-4BC7-B97B-DEE30DEEF7BA}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{88B9BAB7-F26D-4A34-92C1-55261E7F732D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{89701BAB-EC39-4810-B51C-BB676D0D6715}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8998283C-EBBB-4E91-AE40-85DD7720A027}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{89BB2C27-E7E9-40D5-990B-B707D8509C81}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{89C0EA3F-AA92-4734-9533-9FE1B9D33E24}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{89D0DD95-701A-42B8-B904-9E24E54FEDA4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8A123084-2B60-486C-8199-46E0D9E93F84}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8A60B2AE-4CEC-41E8-9CDC-3124A5655805}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8B07FFBA-C1C8-4BA7-B37D-9CA838C91632}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8B0AD5AC-3BBE-44A1-B5D0-F5301E238FDA}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8B33E3C9-FE4F-416D-A908-0E18B38695BE}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8B5BC5B2-1875-4DF2-B321-50AC301017E7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8C102739-8B2F-4B82-B614-7AE0BFAEF9E5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8C5D22C4-1DC0-43CB-B9DB-D8A6AFB0FF13}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8C86F5F5-1024-41D0-A39E-1C9E6D541E2A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8D2E2F15-A55C-428F-B854-86CC421BB3CF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8D81C7D7-4207-43B4-BD2B-0C0EA1D128AD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8DF430D4-5E72-4E77-8466-7C60DB605D89}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8E9C6768-B974-4C83-BA33-6264149E5E78}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8EDAFBAA-ABE7-4545-8021-E93CC2D74683}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8F1724EC-CF9E-4505-B905-C923CA2005C8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8F29009F-4E49-4C3A-B096-A4A2D3404D7B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{8FA9F4BA-8A0B-4439-AE73-461F3F144C23}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{90C61585-3FCA-4463-8A95-55C6BD94F7B2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{917B64DB-CD6C-4747-81CE-561BD882B2B8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9222044E-15E6-4254-846C-D4B613E199ED}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9251884B-981D-4F20-8E2F-6E2E89E8780B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9265C061-8C05-49DE-958F-CB360EB1D429}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{931525A4-8150-40A8-905D-FEA34DB1D51A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{937F8328-1BEF-4AED-950C-CF4172BCF4D6}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9450CF9B-A9AE-4A07-81D2-B140635E4D55}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9488029D-5873-400A-8036-211FD17E777F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9491890B-0727-49E2-9231-D6C7AE868296}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{94CCB042-06AD-4456-BEDD-1E5AA2F2F817}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{951AC101-D643-4D72-88B2-D4EAAC29352A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{952FD914-D5EC-4610-B8E7-D11AD2A4CA9F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{95F49CF7-7A5A-43C3-A751-883B963ADA78}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{965BEE16-0276-4411-9D68-59A0AD8C93FF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{97016DAC-C394-4D62-9CF6-E0968C90F280}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{970E579A-0311-490C-89D0-43ED0F0FC356}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9723BF46-98BF-4FF3-9BF2-B016BAB2DC50}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{981D5974-34AC-400D-8B9E-29D362C5446E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{98C54560-4419-4500-B780-9F03E94903B8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{98CF2D18-5289-4540-A6C3-F2557F72DF67}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{98E74891-88CA-4B5E-9271-39ADDE427EA3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{992AA3E3-8D4E-47FE-8F70-4B947C4C807D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{992E38AF-C828-4611-85F5-4A438CCBB33E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9943D3CA-1DC0-4FF4-BA5C-F6F61E6E9AFF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{999F8E3B-F4A4-4EAC-84AB-34E427C45A52}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{99E4B4BA-BF57-440D-8672-AF39E3EBF0E3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9A8EF66D-1E7D-418E-8DAE-DC98BC7BC8DF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9A943372-AB56-4BF6-A9FC-089FDA253A43}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9AA31941-95C2-44EC-BF2B-3CB2EAB0B4EC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9AD92AD5-E0D5-49C1-BA9A-62AF569454AA}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9AFD2436-3C57-4E98-99EF-E904CECC5FAD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9B397480-6E03-4169-A9B6-E0A6F5AB9E2D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9B83319D-B9BC-4DEB-B96B-4D80569F03ED}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9C4D56EC-A163-4DE0-AE7A-A475C6056C79}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9C68C380-50CC-4DE3-8CDC-9242BF7DD7A4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9C92B18E-5BDD-45CD-9976-1DE6BC8D3747}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9D55F164-431F-4971-8993-364FDCC8FD52}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9D722277-30A8-4C9B-8724-DFDCD1512E82}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9DB6CE49-9D48-4987-8B10-B1BF03C82E87}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9DB8FFEB-13DE-447B-9EAD-5784EAC9F73F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9E02F2E1-1B39-40D7-BEEA-46BF3960555D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9E77A007-E6BC-42AB-AC90-B9F537EAABDE}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9ED72BAC-21A5-4EBF-B52A-186A4DD7FE5F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9F189006-A2BB-43D2-92D8-E419E8D41769}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9F5164BA-F4C7-4AC8-8CAC-1731AAA2EEF7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{9FE4952D-36B3-427F-972B-FBAC86E920C8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A0386D90-B6C0-400E-9DDD-D8749CC0DDD0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A056F1CA-1CE5-4F36-A81D-EB4271EAD625}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A06FD899-8149-4112-9F6E-C0B8C76E69BD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A0EC49DC-6593-4F35-8A0A-510DA44DC5E6}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A1362B5F-0D48-4B99-B2C6-3B480BB5C751}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A1749CCD-B182-4A21-96D1-8E2CB8B8BF10}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A1A3E567-FAD1-44C2-9742-D756E03CE66E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A1B7149D-511F-41B1-8C52-607A922C5FA4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A44A1397-29A5-4736-82F6-B73849B0E5C0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A44E040F-5DB5-477F-A67A-35EA46A4B3E4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A4E17E6D-8628-4A1A-AB40-D0E5BFECFE34}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A4F13B7A-0B2A-4E12-B379-5F597927B5D6}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A53D513A-3FC2-400A-9A7C-72AC0255D630}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A575F746-6C4D-4B2D-8EA3-C693154C3F8A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A687A056-3760-43C4-B708-6EDBC8314FBB}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A69720EC-FDE2-48FF-BBFC-34C1464CB1AA}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A72A8CCB-9EB8-4369-9595-2D34879409D8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A762FF29-3B15-42B9-ACC3-0717CFFA5169}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A7BE7EAA-44B6-487A-A927-D3EEE9B2A270}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A7C1F8C7-E7CF-4957-8C8F-6FB6F53F14A6}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A804CA9B-5724-40F9-B87B-422123E550CC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A893E004-E425-4F21-BEC3-C6671F3F0AAB}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A8AC7A23-D82B-4B6A-85FB-15D4E87B8FD9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A9828CD6-8C2E-4A7D-8C07-B7EFA906B03A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{A9FA2E4A-9385-48E3-B16C-0803C196EF12}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{AA5D06D8-AB1B-4ED2-AD2F-74D85B374A71}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{AAF9CEA2-0651-42DD-99B4-AEB7F516BAEC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{ABD67316-D552-4939-824F-4F11058762A2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{ABF32A23-2961-4532-A35D-B07DFBA501FA}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{AC4FB3AE-13E0-4BA6-A555-8D29E7C2DDC5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{ACBD8ABA-647A-4F55-94DF-B04AD383B3C4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{AD1A0CDB-FBF1-47F7-9390-BC26CAECAC2F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{AD50C3D3-2529-477D-9703-A609564CCC0A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{AD6D3106-42EE-4A04-BEBF-BC95547EBEED}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{AE4D511A-BFA5-4536-B320-5BBB1DF3CFED}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{AED19ADE-C0ED-4E09-B246-B35F7D89B896}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{AEF0BC61-35B6-48CE-AB96-458B2C630573}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{AFCA6F7E-2359-43F5-ACDF-22C96BE8B53E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B08B5E6F-76FA-4343-8C81-930653160555}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B0D2CD61-C50D-445B-8FF3-9F77A855845C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B22832A3-0B93-41B6-97CE-D147E60BF207}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B27F12DA-252D-4B17-9466-5E9CE4ED60D8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B31EB0A8-D2A5-4763-ABB9-40D7FF705AEF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B3222707-4F3F-42D5-AB23-F8B53C9C6C9D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B36AD66A-8352-4955-9E69-B300B08417D0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B48FA553-1981-4749-BDC8-5A6B3FEB2829}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B4B01E2C-4608-497D-B049-D2F3DBF36328}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B4B7CD15-88C7-429B-BE69-76EE4DE642D1}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B4BFCCBA-C69B-4766-A25A-27BBDAA98D41}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B51D5246-0CF1-416F-BB16-BA26990EDCEF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B5D19738-FA3C-477F-BA78-8CDB3B924203}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B72A6AED-8748-49C4-9606-DDD4537D8181}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B8640977-E715-4CA1-A678-ECE0131FBEE3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B87BC9A1-E396-4097-8DCA-4EAAB76FC26A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B98B4B83-64BC-4441-8408-68058CD7F014}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{B9B58113-4FB5-412E-A0A1-425B6D343880}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{BA9A671C-4377-4E26-AF98-D27811BD555B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{BBF5E175-292D-46ED-9BDC-CE5938DB2527}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{BC4FC5D1-347D-45CA-873B-78164622B168}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{BC70B6C7-EC5C-47F6-934D-973A39EB7FB3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{BC901726-F579-4B53-AD1E-2D1FC65356D6}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{BD12EE63-B013-4C7A-858F-27CF949C5574}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{BD93A14A-F836-4B87-A2F5-122A49C1F276}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{BDA432DC-423B-42C2-A59A-B74C53B79281}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{BDC8C84E-0661-42C6-8642-77F848585A9F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{BDC9AF0C-9142-4D77-83DA-61BBFA2D307D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{BEC33599-3E4B-40A0-816E-7EAE4D95735C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{BF95640B-1F1E-417E-AF18-3749EB917378}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{BFAB443C-A31F-432E-9B93-5FE459174790}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C0EBB1F6-2329-4A20-AC0C-782942EF85FA}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C131C282-668A-4348-BE95-5CABEF635D99}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C16DD855-ECFC-41F7-8519-3AF26204D009}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C1779D4A-27EF-4BA3-B402-97B7EFD1B53E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C20D91AD-9A7C-48B4-8596-84A9BC761CD3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C225865B-C314-40DC-AD7E-69FD7DAD7E5E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C24E7567-CFEA-4F72-AF6D-8501A852E53D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C25470EF-90FD-4A22-9E59-94640ED126E0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C255CB60-4DAE-4BBA-B43E-A95659E617A2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C29BFB4B-3FE5-41D6-9E1C-18C0F8B2D219}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C2E53013-8134-4DF2-A829-1C2D13AC990E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C3AB3601-E5E8-41B0-832A-CC69BF5A42E5}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C3CDF94E-BC32-4C1E-AC32-C77A9726B16E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C3D51985-4640-4791-943F-924BA50DE462}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C3F02083-F9ED-4FBF-8D74-849C17B21C1D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C3FF9C86-6F4B-4CBF-B65B-280DE31EDDB4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C444CB1C-FE7E-48CF-93A0-54C08389A869}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C52B8B49-CE48-493A-8308-369AE64FFD02}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C599AB05-3B22-488A-A274-E40659EC0D41}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C5C2F690-A6E1-48BB-95D1-EE8DFC3C243F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C5CB9DEF-6351-463C-88D0-826D0C21D809}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C608FB6F-DFDB-4CB4-A3F2-62E65B4E5714}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C60FBE31-4332-44E7-AD9F-CDD46C9FAF99}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C630797B-3306-4EEE-ADC6-10F3486E6A5A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C65E8D96-A61C-4B4B-BA1B-0E7DE9E82BCD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C67A2DE7-87CA-4F84-AA66-5715927FE3B2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C709D669-CF38-406C-88A6-C22C1E6F21BF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C70D3684-D796-4D83-9260-E14F489BF0EF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C7AB2388-44A9-4152-8640-3B9514EE2C97}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C846AB0E-977F-460B-9EEF-D7CF4B0911D4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C893CE2F-9CB9-4148-B3F5-5DC482CBF92B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C8D9782D-88D5-4804-8A30-0EA463CB9098}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C9028097-56EA-43E7-91A6-61ED3AFD912E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C9474DA8-1E99-41E1-BA94-9B1F28867FF2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C950EDE1-AC76-40A2-9566-F132A4CDFEBC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{C9BC4FBC-2FFF-4AB0-8350-F070C0870C7E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{CA746C5F-3FC3-411D-8B12-D49E8D050498}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{CABA4099-E044-478B-9275-7FB23D3B482D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{CB70D1A1-EB57-4A1C-A90A-2D5B9EADE2DD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{CC1EB008-1855-4209-ABFF-D03DE6CE6C58}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{CCD5AD89-BE48-4A2E-9796-3F0628537CF7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{CD3DA4FA-5DA8-410F-B2D2-3AE5A37F06B0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{CD83FBA8-3C9B-4A3A-A41D-DA93F222D5E2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{CDEC6148-2EDE-46A3-85C7-F43CCC12EBDE}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{CDF932E7-318F-4CC4-AFCA-EF51DC4464A4}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{CE3BECC7-EA45-4A24-837E-F440F4203BF3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{CEF3B41E-9B38-429D-B108-9A0F255F94CF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{CF86300C-C6B6-4C5D-83D3-C2A55208811C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{CFC9B700-8B9A-405F-9E61-22D7D1EDB308}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D0804951-90AD-4FDA-AF0B-88FA93B41E36}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D081573C-9838-454A-A6DD-132C7A1CC435}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D085C658-A36D-45B4-B814-F8E4DF5CDC22}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D0F9C4EA-B831-4C19-AD57-B66CC77B146C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D1399456-77FB-4C10-88D9-D3231357A495}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D205C1B0-830D-4746-891B-E4E525C969CC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D2D40380-5636-4395-B4A2-58CDBFA4AA05}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D2E67B2A-A83E-4A90-B562-F3BDE983ED09}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D3098EA3-1BE6-46D8-ABB3-CC046F995D6F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D32828EF-11A0-401E-B813-9951A84B8B13}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D36B9F36-8196-44B8-A8C9-C8C737F94745}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D393C685-DB4C-48AD-83FD-0E57F5D3E538}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D440FE7D-21F6-4CCE-974E-0738FAC85D20}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D49D5519-CE75-453B-86F9-C91446D99BBB}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D4A78792-DA37-430E-BC1A-58988F7301EA}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D512A306-6DC2-4A4B-AAB9-2DE6A9467E6F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D5F3FA7F-E93F-483C-A5D6-FD670445AB61}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D614BEB6-1C29-42CE-838B-01F39008C3E9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D6196771-802C-4C1A-9650-A2AFB530DFC2}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D620D457-4A71-473F-A91F-DB0C1FE10FAF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D69B73F4-DFB3-4A29-9BBE-A304CA637FED}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D6A8DCDD-EED0-4FC5-8694-610CC2522BB3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D6C03390-8180-4CBC-8922-995CB21DD521}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D7094E85-5C89-4B4D-B103-9B8246009FBB}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D760E1F7-3119-4F64-A59E-56528999CEFE}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D7F8E889-0046-418D-B644-B9D9207200A9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D83AE9D8-58E7-4358-9EAB-2EAF424DF99B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D8483D6A-F537-4FD2-A7AD-59F6F234BEB8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{D9853F67-804E-483E-8FC7-A6377FAD753C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DA29BE74-E431-4780-8182-2C8A017C30F8}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DAC065C0-DF88-43BC-9A97-1A1C9259FB79}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DAE10118-007B-4ADD-B7B6-B7E0B17DA5FC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DB3A0EBF-420E-4543-A279-018558358EAB}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DC34D127-F2A3-411A-A443-F5C5F2DAA14F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DC3AF2FC-5882-4EF3-94C1-AC334FB61CCF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DD75CD01-4546-4F30-B13E-EF840E284A67}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DD97A6DB-1E03-418E-9FB7-DABD4F42C73E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DE2F3228-FBEC-4C64-85FF-85CC8F571070}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DE347730-F31A-42D2-860D-9BE22E767BBD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DEAA102E-906C-4B7A-9253-E2C47B710A8A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DEAB8565-5BEF-4E94-92CB-C70E09E8AA65}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DEAC117E-BE49-4B0C-9996-9D22077262CF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DF6A693F-01C3-4F23-8B0E-7B3FD8EED22B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DF9F10A6-C242-471C-95B0-0758C8A69B8F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DFA04236-BB7D-4E62-8CDD-D8C22BC45076}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DFB444D0-4E06-4BD4-9B4A-FAA85D5BB255}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DFB8AE9A-9408-4C04-BF2E-B1E8694A6D90}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{DFEF61F5-CFE9-4684-B5D3-8BF78AE42B75}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E09BE1AF-2866-44EE-8AEB-1BCF830FCBC0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E29040D7-EBBD-441D-97E0-2FF7F5ECBC72}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E2AEB461-419B-4883-8E47-E70C881D2D85}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E2D2B395-4C8F-4EF0-BACF-27A1EB5A4ADC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E3DFA4F0-E213-490D-9E33-656C307F8EE3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E48806C7-9834-4BE2-853F-927981BCD0A0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E518A0A0-45C6-4DC5-925A-F53E129C881B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E5673514-D981-44B8-8786-D54BD8BD3986}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E71003AF-B2C4-4980-A9BF-695066254AB3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E7244330-6988-43E9-B999-8F26E21D3A34}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E7B23EAD-4487-4A90-9A96-63448428A0A9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E7F338EF-D3CD-44BA-84B0-DE3BE5C85E90}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E81C11F6-0DC4-48D9-A4F3-937E8DB2108C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{E8DA0FBF-9A56-4774-96D1-A4EF2FEA594C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EA6307AD-740D-4039-A246-DB429389C921}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EABA7BB9-2D69-4E32-A6C1-5C3D03D5DBAE}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EABD65C4-EB65-4F0F-AFD4-34760FFB32D0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EB71C948-11EA-4CBF-8C30-A864950641B6}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EB84E046-05CD-44F5-9C53-F802B7653E15}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EBF07744-D92F-478F-B7EE-CEDC520E3E28}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EC6DDBEC-39EA-403D-9E35-0BE4E130704D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{ECF73666-EF41-41E5-8144-08EA540AA058}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{ED0953C5-0072-4640-A052-915EAF6AC34F}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{ED4ED03B-08F6-49C4-B40C-0502C2AB8BF7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{ED761746-C23D-40F3-90A5-41E69C917D48}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EDB23AF8-7D2F-4741-9267-73BC861AC6D7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EE0627D3-1E00-4C15-AB1D-C749A62F581B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EF22B7C3-1EAA-41F6-904C-77C7C6E6E17B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EF243C0A-2158-4B3F-A9D0-15BA74AC6B50}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EF2D28C3-EADB-428E-8869-A30B64157F4E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EF3B95D3-86B3-41F2-B61D-B86ECEDA6751}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EF787355-1081-41AD-9BE2-8A449FFA30CD}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{EF7BE498-0837-4845-A13A-F506C64865B7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F04B92DC-6744-4F39-91B5-44CD22C1021E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F08C0577-73CA-46C8-A068-91E323AC8AFC}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F0A2BC4C-55B5-4498-8586-F929A5D9F9A1}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F133A747-6378-4C64-A9C4-C4C718A4DAF7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F1CDFBAF-878C-42C0-A494-850386E3C29D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F20885F1-109F-4A8E-AE4D-E4164E3D1AF6}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F28BB4CB-D34D-4913-8AD3-F2ADEE527F0E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F28C1A75-E5F9-4D5B-93C9-564EE94B27B9}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F29F2FAB-810D-4A1A-84F2-BB2362B0F4F0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F2A9349D-61A2-4CFC-A081-B5056B4F4C77}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F3962630-3A55-4E2F-9045-8BFA8BAAF13C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F3CB7A31-4DD8-44F5-93C6-1309DB4AAE09}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F450FB57-EE2B-4492-8793-4609AD0E4F97}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F4B4FD1A-0F85-4036-A370-08A4D504B0D0}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F5BE79F5-905A-4DF1-8A4C-482D736A5C9E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F5CEEA0B-06D1-4C65-BF35-BB5CC6B62DE3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F5E1E1B3-6822-420D-B3BA-CCCB1FF9FD52}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F5EAD5E4-3D17-49B6-ACB6-7BB430076678}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F60658B1-A0A7-48F6-BCA7-95532ACB4312}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F6605CA9-3A85-4610-B820-9BA358E93097}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F677BC3D-B7F0-4EAE-BD4A-F1DD776F7A6E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F6ABA461-04E1-47A7-B3FE-C4FC1EE9531A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F6EB580E-B93E-4D7E-8410-DC2B0176778D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F7A6ECCA-9C07-4A9E-9933-57DE253AE3A3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F80C6640-27CB-4575-8B80-3AA46486A95C}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F80ECDD0-FCBF-4E6A-93C4-EDE3FD9A0549}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F847092B-3ADF-417B-A250-6FF24EC04F33}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F85656BF-8678-4F86-A9B2-ACA9AE1216E7}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F86E4081-4001-4E3A-B5B0-C487AEC51D91}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F8C62EAB-8D7E-405B-A618-7F632D863443}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F944B3CB-AF5C-41AF-B14C-1719652850EA}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{F9858A7D-58CD-4649-9C1F-2E126A74B980}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FA0831DE-EBB2-4F9A-BAAF-CC450ED61D56}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FA38ACDA-0F6C-4487-8A35-2624F0A8B597}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FA4F4ABB-F210-424C-BB5B-D1C9F2A4E05A}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FB19E695-3DB6-42B3-A17C-BF11E7431B32}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FB43E044-7FB9-4C0F-9D36-088DEBAA045D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FBF0C5B9-FDB4-4743-A3AC-45EFD19AD92D}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FBF262CE-AC98-4069-BF3A-C43E599CD223}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FC41BDA5-2CD3-4005-B97E-8B069B2ACD11}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FC440F49-0C89-4A91-961E-9AD9E69A869E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FC76ADF4-F2FD-4009-9454-D5D2C0EBDB02}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FC96FF8D-1EA0-4767-BB22-67DC9A2C7B1E}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FD2EA54C-5D9D-4934-8353-88040ED66AF3}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FDC2B5E5-F174-468B-B157-2C69E12F15DF}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FE06AF85-71FB-403C-961A-AD2642FA9446}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FE151809-FA6B-4FE9-B3D3-791888549B38}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FE43E864-C7A8-4525-8CC8-8A0EC984B159}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FE911BBE-C08D-4C25-BDAC-3EF965532753}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{FF839F1E-FEB4-45A7-B9DA-9F7128AAEA89}

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Carl\appdata\local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/07/2013 at 21:26:23.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 AdwCleaner v2.305 - Logfile created 07/18/2013 at 21:27:57
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Carl - HOME-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Carl\Documents\System Fix\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Carl\AppData\Local\PackageAware

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKLM\Software\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : HKLM\Software\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF172108-950F-4A8E-8A08-A1C4EE9EA728}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC79ED88-9ACA-4E42-89DA-14426922A6D4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6770AEB7E06F926409292E7BC2601EFE
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AC8629C735242C4C8DA212489E5DE11
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\uTorrentControl_v2
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Preferences

E× @àmèNäzoã,¼@dÞkùC€ @€ *¾`ªTJœüV rèÓ¡‘^†d:F @€ æ’Í©µL  þÏ^‘ @€ @ Š€!Y•J‰“ ü$ÙD— @€ @ ¥€!Y˲JŠ Ÿ ”é @€ ü*`H¦+ 0LÀlXÁ¥K€ @€À%C²KL"@€@C²>µ”  @€ ë ÉÖYºJ’•(“   @€ 0$ ·

 

Link to post
Share on other sites
cnicklin

cnicklin

Posted
  • Author
Posted

I had to make a secnd post t have everything included: FRST was empty!!!

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-07-2013 02
Ran by Carl at 2013-07-18 21:46:23
Running from C:\Users\Carl\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Installed Programs =======================

µTorrent (Version: 3.1.3)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Additional ActiveTeach (Version: 1.00.0000)
Additional TTPP (Version: 1.00.0000)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.3 (Version: 9.5.3)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
AS+A2 Biology for AQA (Version: 1.0.0.0)
Bonjour (Version: 3.0.0.10)
BUFFALO BuffaloTools Launcher
BUFFALO TurboCopy
BUFFALO TurboPC for FLASH/HDD
Bullzip PDF Printer 7.1.0.1218 (Version: 7.1.0.1218)
CameraHelperMsi (Version: 13.25.1010.0)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.4.0.9)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.3.0.8)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
CANON iMAGE GATEWAY Registration Guide (Version: 1.0.0.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.3.1.5)
Canon Internet Library for ZoomBrowser EX (Version: 1.5.1.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.4.0.14)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.7.0.8)
Canon Utilities ZoomBrowser EX (Version: 5.8.0.74)
CCleaner (Version: 3.25)
Championship Manager 2007 (Version: 7.0.0)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
CM 03-04 (Version: 4.1.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Copy+
Corel GuideMenu (Version: 1.00.0000)
D3DX10 (Version: 15.4.2368.0902)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
Driver Mender (Version: 8.0.1)
erLT (Version: 1.20.138.34)
ERUNT 1.1j
Eusing Free Registry Cleaner
Extension ActiveTeach (Version: 1.00.0000)
Extension TTPP (Version: 1.00.0000)
Google Chrome (Version: 28.0.1500.72)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
GoToAssist 8.0.0.514
GPL Ghostscript Lite 8.70
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
InterVideo WinDVD SE (Version: 8.0-B6.196)
iPod for Windows 2005-09-06 (Version: 3.8.0)
iTunes (Version: 11.0.4.4)
Java 6 Update 13 (Version: 6.0.130)
Junk Mail filter update (Version: 15.4.3502.0922)
LeapFrog Connect (Version: 4.2.9.15649)
LeapFrog Tag Plugin (Version: 4.2.9.15649)
Logitech Vid HD (Version: 7.2 (7248))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.20.1166.0)
LWS Gallery (Version: 13.20.1166.0)
LWS Help_main (Version: 13.25.1016.0)
LWS Launcher (Version: 13.20.1166.0)
LWS Motion Detection (Version: 13.20.1176.0)
LWS Pictures And Video (Version: 13.25.1010.0)
LWS Twitter (Version: 13.20.1166.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.25.1005.0)
LWS Webcam Software (Version: 13.20.1168.0)
LWS WLM Plugin (Version: 1.20.1166.0)
LWS YouTube Plugin (Version: 13.20.1166.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Internet Security (Version: 11.6.511)
McAfee Security Scan Plus (Version: 3.0.318.3)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.20.8730.4)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nikon Message Center 2 (Version: 2.1.0)
Nikon Movie Editor (Version: 2.3.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Onzo Uploader (Version: 1.14.675)
PC Connectivity Solution (Version: 8.47.7.0)
PDFCreator (Version: 1.1.0)
PeerGuardian 2.0 (Version: 2.1.0.2)
Picture Control Utility (Version: 1.4.2)
Planning and Personalisation Tool (Version: 1.0.8)
Planning and Personalisation Tool (Version: 1.0.9)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver
Roxio Burn (Version: 1.0)
Roxio Burn (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
SAMSUNG SYMBIAN USB Download Driver (Version: 1.1.808.7165)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
SamsungConnectivityCableDriver (Version: 6.83.6.2.1)
Science ActiveTeach (Version: 1.00.0000)
Science AP (Version: 1.00.0000)
Science TTPP (Version: 1.00.0000)
Segoe UI (Version: 15.4.2271.0615)
Shared C Run-time for x86 (Version: 10.0.0)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
swMSM (Version: 12.0.0.1)
TomTom HOME 2.7.3.1894 (Version: 2.7.3.1894)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Twenty First Century Additional Applied Science iPack (Version: 1.00.0000)
Twenty First Century Additional Science iPack (Version: 1.00.0000)
Twenty First Century Science iPack (Version: 1.00.0000)
Ulead DVD MovieFactory SE (Version: 5.6)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (Version: 4.2.9.15649)
ViewNX 2 (Version: 2.3.0)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinZip (Version:  8.1  (4331))
Yahoo! Install Manager
Year 7 ActiveTeach (Version: 1.0.0)
Year 7 Activity Pack (Version: 1.0.0)
Year 7 Assessment Pack (Version: 1.0.0)
Year 7 Planning Guide (Version: 1.0.0)
Year 8 ActiveTeach (Version: 1.0.0)
Year 8 Activity Pack (Version: 1.0.0)
Year 8 Assessment Pack (Version: 1.0.0)
Year 8 Planning Guide (Version: 1.0.0)
Year 9 ActiveTeach (Version: 1.0.0)
Year 9 Activity Pack (Version: 1.0.0)
Year 9 Assessment Pack (Version: 1.0.0)
Year 9 Planning Guide (Version: 1.0.0)
 

==================== Restore Points  =========================

01-04-2013 20:00:06 Windows Update
02-04-2013 19:58:09 Windows Update
12-04-2013 22:12:08 Windows Update
21-04-2013 20:55:17 Scheduled Checkpoint
23-04-2013 21:45:29 Windows Update
16-05-2013 20:10:12 Windows Update
02-06-2013 15:49:11 Windows Update
12-06-2013 19:27:43 Windows Update
11-07-2013 19:33:37 Scheduled Checkpoint
12-07-2013 02:00:38 Windows Update

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {024A41BD-CA6A-4DF9-9318-47BCB1035069} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-21] (Google Inc.)
Task: {0DCC5183-C81D-43DF-AD68-75F65820015D} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2009-01-19] (Dell Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {22A568DD-40E6-42F9-8249-F8C78B4F423B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {37E65072-A8B0-469F-8C44-0AA3DD374B66} - System32\Tasks\{F395002C-DC68-4EAE-BDE4-FDA2210CB8C8} => C:\Program Files\Internet Explorer\IEXPLORE.EXE [2013-06-12] (Microsoft Corporation)
Task: {3B14FBC7-4E4D-42A7-A018-128B900817C9} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2010-11-20] (Microsoft Corporation)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs No File
Task: {56BAAF6D-9178-413C-BDF3-3408AC2D1CE9} - System32\Tasks\{99857366-8AE7-47D4-B7AB-5A34D6F0CB61} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {5DA7B10C-7A2C-43F8-90F9-2671A12F2DAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-14] (Adobe Systems Incorporated)
Task: {63822DDD-4112-43BB-A839-51E718A8114B} - System32\Tasks\RegistryBooster => C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe No File
Task: {97BDEDDF-98F0-42AF-B000-664CEB1A72B9} - System32\Tasks\PC Optimizer Pro startups => C:\Program Files\PC Optimizer Pro\StartApps.exe No File
Task: {D63D33B3-C14F-4A0F-9095-613559803218} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {D9D56E12-2592-4A30-BDF0-9DFA552126B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-21] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs No File
Task: {EFDF7F2B-2C6B-4CCB-9EC8-E4BF7805DE4E} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2009-07-14] (Microsoft Corp.)
Task: {FD4791ED-ECD0-4051-9957-682D2981E36C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Optimizer Pro startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe
Task: C:\Windows\Tasks\RegistryBooster.job => C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

==================== Faulty Device Manager Devices =============

Could not list Devices.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2013 09:43:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2013 09:33:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2013 09:30:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/18/2013 09:46:17 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (07/18/2013 09:44:21 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/18/2013 09:43:25 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/18/2013 09:43:19 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/18/2013 09:43:12 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/18/2013 09:42:16 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%1062

Error: (07/18/2013 09:42:15 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
spldr
Wanarpv6

Error: (07/18/2013 09:42:14 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/18/2013 09:42:14 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service depends the following service: NSI. This service might not be installed.

Error: (07/18/2013 09:42:13 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Microsoft Office Sessions:
=========================
Error: (07/18/2013 09:43:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2013 09:33:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2013 09:30:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2013-07-17 20:23:57.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-17 20:23:57.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-17 20:23:57.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 22:15:59.399
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 22:14:39.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 22:07:02.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 22:03:17.288
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 22:01:58.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 21:58:59.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 21:54:42.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 3317.18 MB
Available physical RAM: 2865.74 MB
Total Pagefile: 6632.64 MB
Available Pagefile: 6206.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.01 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.11 GB) (Free:189.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.29 GB) NTFS
Drive e: (130717_1726) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive l: (FULLARTON) (Removable) (Total:1.89 GB) (Free:0.49 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: A0000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=581 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

Link to post
Share on other sites
cnicklin

cnicklin

Posted
  • Author
Posted

Sorry FRST log, it just did not copy across as I am having to run the tests on the faulty machine and post using another one.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02
Ran by Carl (administrator) on 18-07-2013 22:16:30
Running from C:\Users\Carl\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee.com\agent\mcagent.exe

==================== Registry (Whitelisted) ==================

HKU\Carl-Jill\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Carl-Jill\...\RunOnce: [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2010-11-20] (Microsoft Corporation)
HKU\Carl-Jill\...\RunOnce: [DPAPIKeyMig] - %SystemRoot%\system32\dpapimig.exe -quiet [ 2009-07-14] (Microsoft Corporation)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
le Inc.)
HKLM\...\Run: [iTunesHelper] - ESHELPER.EXE" [x]
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [Logitech Vid] - C:\Program Files\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247144 2009-11-13] (TomTom)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-03] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Users\Carl-Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKLM - {CE6722A2-4177-447A-9F57-D2069132BE9E} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF7&pc=MDDC&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {3B61C9E7-9424-486C-B9DC-DE044D3AC688} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
SearchScopes: HKCU - {5AD788AE-0654-4525-B72C-96167BFB9C74} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {CE6722A2-4177-447A-9F57-D2069132BE9E} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF7&pc=MDDC&src=IE-SearchBox
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121117142350.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (SiteAdvisor) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0
CHR Extension: (Gmail) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [203080 2011-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] ()
S3 RasMan; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-06-03] (SupportSoft, Inc.)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2006-06-14] (Ulead Systems, Inc.)
S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)
S3 WebClient; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2009-01-19] (Dell Inc.)
S3 WPDBusEnum; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 WPFFontCache_v0400;

==================== Drivers (Whitelisted) ====================

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-01-19] (Broadcom Corporation)
R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc.sys [39680 2010-01-08] (BUFFALO INC.)
S3 bftpusbx; C:\Windows\System32\drivers\bftpusbx.sys [10624 2010-01-16] (BUFFALO INC.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2012-09-28] (LeapFrog)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
R3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [10368 2009-11-01] (InterVideo, Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
S3 pgfilter; C:\Program Files\PeerGuardian2\pgfilter.sys [8192 2007-06-02] ()
U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-18 21:46 - 2013-07-18 21:46 - 00020822 _____ C:\Users\Carl\Desktop\Addition.txt
2013-07-18 21:45 - 2013-07-18 21:45 - 00000000 ____D C:\FRST
2013-07-18 21:31 - 2004-11-02 12:15 - 01218860 _____ (Farbar) C:\Users\Carl\Desktop\FRST.exe
2013-07-18 21:27 - 2013-07-18 21:28 - 00006441 _____ C:\AdwCleaner[s1].txt
2013-07-18 21:26 - 2013-07-18 21:26 - 00080970 _____ C:\Users\Carl\Desktop\JRT.txt
2013-07-18 21:24 - 2004-11-02 12:10 - 00559341 _____ (Oleg N. Scherbakov) C:\Users\Carl\Desktop\JRT.exe
2013-07-18 21:14 - 2013-07-18 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-18 21:11 - 2013-07-18 21:11 - 00004568 _____ C:\Users\Carl\Desktop\RKreport[0]_S_07182013_211121.txt
2013-07-18 21:09 - 2013-07-18 21:12 - 00000000 ____D C:\Users\Carl\Desktop\RK_Quarantine
2013-07-18 21:07 - 2013-07-18 21:25 - 00000000 ____D C:\Windows\ERUNT
2013-07-18 21:07 - 2013-07-18 21:07 - 00000824 _____ C:\Users\Carl\Desktop\NTREGOPT.lnk
2013-07-18 21:07 - 2013-07-18 21:07 - 00000805 _____ C:\Users\Carl\Desktop\ERUNT.lnk
2013-07-18 20:59 - 2013-07-18 21:13 - 00000000 ____D C:\Users\Carl\Documents\System Fix
2013-07-18 20:22 - 2013-07-18 20:22 - 00017408 _____ C:\Users\Carl\Desktop\dds.txt
2013-07-18 20:22 - 2013-07-18 20:22 - 00012460 _____ C:\Users\Carl\Desktop\attach.txt
2013-07-17 21:46 - 2013-07-17 21:46 - 00000000 ____D C:\Users\Carl\Documents\ExamQuest
2013-07-17 20:04 - 2013-07-17 20:04 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-17 20:04 - 2013-07-17 20:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-17 20:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-17 20:02 - 2004-11-01 11:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Carl\Documents\mbam-setup-1.75.0.1300.exe
2013-07-17 19:06 - 2013-07-17 19:06 - 00001025 _____ C:\Users\Carl\Desktop\Eusing Free Registry Cleaner.lnk
2013-07-17 18:59 - 2013-07-17 18:59 - 00000967 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-17 18:59 - 2013-07-17 18:59 - 00000000 ____D C:\Program Files\CCleaner
2013-07-17 18:22 - 2013-07-17 18:22 - 00000000 ____D C:\Users\Carl\malwareBytes
2013-07-17 10:49 - 2013-07-17 10:49 - 10285040 ____R (Malwarebytes Corporation                                    ) C:\Users\Carl\Desktop\New shortcut.lnk
2013-07-15 10:52 - 2013-07-15 10:52 - 00001033 _____ C:\Users\Carl\Desktop\AS+A2 Biology for AQA (2).lnk
2013-07-12 03:14 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 03:14 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 03:14 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 03:14 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 03:14 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 03:14 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 03:14 - 2013-06-12 00:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 03:14 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 03:14 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 03:14 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 03:14 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 03:14 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 03:14 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 03:14 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 03:14 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 03:14 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 19:47 - 2013-06-05 04:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 19:47 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 19:47 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 19:47 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 21:13 - 2013-07-10 21:13 - 00000000 ____D C:\Users\Carl-Jill\Documents\Car
2013-07-03 20:09 - 2013-07-03 20:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-03 20:07 - 2013-07-03 20:09 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-03 20:07 - 2013-07-03 20:09 - 00000000 ____D C:\Program Files\iTunes
2013-07-03 19:57 - 2013-07-03 19:57 - 00001817 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

==================== One Month Modified Files and Folders =======

2013-07-18 22:16 - 2012-11-11 22:06 - 00000000 ___RD C:\Users\Carl\Desktop
2013-07-18 21:48 - 2012-11-11 23:39 - 00001830 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk
2013-07-18 21:48 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-18 21:46 - 2013-07-18 21:46 - 00020822 _____ C:\Users\Carl\Desktop\Addition.txt
2013-07-18 21:46 - 2012-11-11 23:00 - 00730320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-18 21:45 - 2013-07-18 21:45 - 00000000 ____D C:\FRST
2013-07-18 21:39 - 2012-11-11 22:04 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-18 21:39 - 2012-11-11 22:04 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-18 21:32 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-18 21:30 - 2009-10-29 21:28 - 00000000 ____D C:\Users\Carl\Tracing
2013-07-18 21:29 - 2011-11-27 11:43 - 00000330 _____ C:\Windows\Tasks\RegistryBooster.job
2013-07-18 21:29 - 2011-11-21 22:32 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-18 21:29 - 2011-08-24 23:20 - 00000404 _____ C:\Windows\Tasks\PC Optimizer Pro startups.job
2013-07-18 21:28 - 2013-07-18 21:27 - 00006441 _____ C:\AdwCleaner[s1].txt
2013-07-18 21:26 - 2013-07-18 21:26 - 00080970 _____ C:\Users\Carl\Desktop\JRT.txt
2013-07-18 21:25 - 2013-07-18 21:07 - 00000000 ____D C:\Windows\ERUNT
2013-07-18 21:23 - 2013-07-18 21:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-18 21:13 - 2013-07-18 20:59 - 00000000 ____D C:\Users\Carl\Documents\System Fix
2013-07-18 21:12 - 2013-07-18 21:09 - 00000000 ____D C:\Users\Carl\Desktop\RK_Quarantine
2013-07-18 21:11 - 2013-07-18 21:11 - 00004568 _____ C:\Users\Carl\Desktop\RKreport[0]_S_07182013_211121.txt
2013-07-18 21:07 - 2013-07-18 21:07 - 00000824 _____ C:\Users\Carl\Desktop\NTREGOPT.lnk
2013-07-18 21:07 - 2013-07-18 21:07 - 00000805 _____ C:\Users\Carl\Desktop\ERUNT.lnk
2013-07-18 20:22 - 2013-07-18 20:22 - 00017408 _____ C:\Users\Carl\Desktop\dds.txt
2013-07-18 20:22 - 2013-07-18 20:22 - 00012460 _____ C:\Users\Carl\Desktop\attach.txt
2013-07-17 21:46 - 2013-07-17 21:46 - 00000000 ____D C:\Users\Carl\Documents\ExamQuest
2013-07-17 20:04 - 2013-07-17 20:04 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-17 20:04 - 2013-07-17 20:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-17 19:06 - 2013-07-17 19:06 - 00001025 _____ C:\Users\Carl\Desktop\Eusing Free Registry Cleaner.lnk
2013-07-17 18:59 - 2013-07-17 18:59 - 00000967 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-17 18:59 - 2013-07-17 18:59 - 00000000 ____D C:\Program Files\CCleaner
2013-07-17 18:22 - 2013-07-17 18:22 - 00000000 ____D C:\Users\Carl\malwareBytes
2013-07-17 18:22 - 2012-11-11 22:06 - 00000000 ____D C:\Users\Carl
2013-07-17 18:18 - 2009-07-14 05:53 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-17 10:49 - 2013-07-17 10:49 - 10285040 ____R (Malwarebytes Corporation                                    ) C:\Users\Carl\Desktop\New shortcut.lnk
2013-07-17 07:14 - 2012-11-11 22:34 - 00052460 _____ C:\Windows\PFRO.log
2013-07-17 07:06 - 2011-11-21 22:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-17 06:52 - 2012-06-01 08:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-16 22:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-07-15 10:52 - 2013-07-15 10:52 - 00001033 _____ C:\Users\Carl\Desktop\AS+A2 Biology for AQA (2).lnk
2013-07-14 13:31 - 2012-11-11 22:49 - 01974952 _____ C:\Windows\WindowsUpdate.log
2013-07-14 11:17 - 2012-06-01 08:14 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-14 11:17 - 2011-06-15 20:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-14 11:09 - 2012-09-03 21:37 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-14 11:07 - 2009-10-30 09:28 - 00000000 ____D C:\Users\Carl\AppData\Local\Adobe
2013-07-14 10:53 - 2009-07-14 05:39 - 01849505 _____ C:\Windows\setupact.log
2013-07-12 21:30 - 2009-11-01 20:28 - 00000000 ____D C:\Carl's Stuff
2013-07-12 03:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 03:37 - 2009-07-14 05:33 - 00412904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 03:36 - 2009-10-22 21:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 03:35 - 2009-07-14 08:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 03:35 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 03:16 - 2006-11-02 11:23 - 00000272 _____ C:\Windows\win.ini
2013-07-12 03:09 - 2012-12-17 21:49 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 20:34 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-07-11 19:33 - 2012-11-11 23:38 - 00000000 ____D C:\Program Files\McAfee
2013-07-10 21:13 - 2013-07-10 21:13 - 00000000 ____D C:\Users\Carl-Jill\Documents\Car
2013-07-06 20:15 - 2013-03-12 22:07 - 00523685 _____ C:\Windows\system32\~.tmp
2013-07-03 20:09 - 2013-07-03 20:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-03 20:09 - 2013-07-03 20:07 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-03 20:09 - 2013-07-03 20:07 - 00000000 ____D C:\Program Files\iTunes
2013-07-03 20:07 - 2010-01-09 22:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-03 20:07 - 2010-01-08 21:43 - 00000000 ____D C:\Program Files\iPod
2013-07-03 19:57 - 2013-07-03 19:57 - 00001817 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-07-03 19:57 - 2012-11-12 22:54 - 00000000 ____D C:\Program Files\QuickTime

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-07-11 20:26

==================== End Of Log ============================

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

You can run this from Safe Mode

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

Link to post
Share on other sites
cnicklin

cnicklin

Posted
  • Author
Posted

Here you go, either I did not do smething right or something but did not seem to do anything.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-07-2013 02
Ran by Carl at 2013-07-19 19:55:44 Run:1
Running from C:\Users\Carl\Desktop
Boot Mode: Safe Mode (with Networking)

==============================================

==== End of Fixlog ====

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Sorry for the delay but I was traveling.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
cnicklin

cnicklin

Posted
  • Author
Posted

I tried turning the antivirus off but my PC would not let me.  Here is my log.  Thanks

 

ComboFix 13-07-30.03 - Carl 30/07/2013  21:38:31.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3317.2815 [GMT 1:00]
Running from: c:\users\Carl\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Carl\AppData\Roaming\DataSafeDotNet.exe
c:\windows\system32\~.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-30  )))))))))))))))))))))))))))))))
.
.
2013-07-18 20:45 . 2013-07-18 20:45 -------- d-----w- C:\FRST
2013-07-18 20:14 . 2013-07-18 20:23 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-18 20:07 . 2013-07-18 20:25 -------- d-----w- c:\windows\ERUNT
2013-07-17 19:04 . 2013-07-17 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-17 19:04 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-17 19:04 . 2013-07-17 19:04 -------- d-----w- c:\users\Carl\AppData\Local\Programs
2013-07-17 17:59 . 2013-07-17 17:59 -------- d-----w- c:\program files\CCleaner
2013-07-17 17:22 . 2013-07-17 17:22 -------- d-----w- c:\users\Carl\malwareBytes
2013-07-11 18:47 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 18:47 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 18:47 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 18:47 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 18:47 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 18:47 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 18:47 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 18:47 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-03 19:07 . 2013-07-03 19:09 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-03 19:07 . 2013-07-03 19:09 -------- d-----w- c:\program files\iTunes
2013-07-03 18:57 . 2013-07-03 18:57 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-07-03 18:57 . 2013-07-03 18:57 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-07-03 18:57 . 2013-07-03 18:57 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-07-03 18:57 . 2013-07-03 18:57 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-07-03 18:57 . 2013-07-03 18:57 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-14 10:17 . 2012-06-01 07:14 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-14 10:17 . 2011-06-15 19:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-06 19:15 . 2013-03-12 21:07 523685 ----a-w- c:\windows\system32\~.tmp
2013-05-13 04:45 . 2013-06-12 18:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 18:42 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 18:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-12 18:42 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 18:42 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-12 18:42 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-12 18:42 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 18:42 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-12 18:42 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="TER" [X]
"GuideMenu"="U.EXE -HIDE" [X]
"Microsoft Default Manager"="AGER\DEFMGR.EXE -RESUME" [X]
"mcui_exe"="KEY" [X]
"Nikon Message Center 2"="KMC2.EXE -S" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6609440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"BuffaloTools"="c:\program files\BUFFALO\BuffaloTools\BuffaloTools.exe" [2010-03-05 169336]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-22 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-10-29 106560]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-01-13 81920]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-13 193816]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-03 160944]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-13 240408]
R3 bftpusbx;BUFFALO TurboPC USB Filter;c:\windows\system32\drivers\bftpusbx.sys [2010-01-16 10624]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 60920]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2012-09-28 19456]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 146872]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 203080]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 92632]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-12 1343400]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 bftpdskc;BUFFALO TurboPC Cache Filter;c:\windows\system32\drivers\bftpdskc.sys [2010-01-08 39680]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 210608]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 169320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 172416]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 363080]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - cmderd
*Deregistered* - cmdGuard
*Deregistered* - cmdHlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-14 10:06 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 10:17]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-21 21:32]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-21 21:32]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Adobe ARM - FILES\ADOBE\ARM\1.0\ADOBEARM.EXE
HKLM-Run-APSDaemon - .EXE
HKLM-Run-Broadcom Wireless Manager UI - DOWS\SYSTEM32\WLTRAY.EXE
HKLM-Run-Desktop Disc Tool - CHER.EXE
HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE
HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE
HKLM-Run-Monitor - ITOR.EXE
HKLM-Run-iTunesHelper - ESHELPER.EXE
AddRemove-Eusing Free Registry Cleaner - c:\progra~1\EUSING~1\UNWISE.EXE
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-{CA4C02DD-DCC6-3765-8E86-DD60497A1DCA} - c:\progra~2\INSTAL~1\{1DF16~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_      x   
 
 
  l
  n
 
  ’
  –
  ˜
  œ
  ž
  ¨
  ª
  Ê
  Ì
  Î
  Ð
  ø
  ú
      $   &   B   D   p   t   v   x   z   |   ~   ‚   ¨   ¬   ®   °   ²   ´   ¶   º   à   ä   æ   è   ê   ì   î   ò   H   L   N   P   R   T   V   Z   ^   p   r   t   v   ò
  ô
          "  $  .  0  ü÷üí÷üÜü÷ü÷ü÷ü÷ü÷ü÷ü÷ü÷ü÷ü÷üÎÉÎÂÎÉÎüÎÉÎÂÎÉÎüÎÉÎÂÎÉÎüÎÉÎÂÎÉÎü½üí÷üÜü÷ü÷ü÷ü÷     hLzÚ 6 hLzÚ 5>*  hLzÚ >*j    hLzÚ >*PJ QJ U !j    hLzÚ 5UmH nH tH uj    hLzÚ 5U  hLzÚ 5hLzÚ J   J  ©     Ÿ   l
  ö
    "   @   P   r   ò
  |  –  ¦  º  Ö 
  ˜  ¬  È  Þ  î  ý            ñ            ï            í          

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Okay this box is seriously still messed up.  We're going to be a bit more aggressive at trying to clean it up.

 

Please download the attached file CFScript.txt and save it to the same location as combofix.exe and then drag and drop it onto combofix.exe to have it run.

 

After it's done and has rebooted please try to run the following McAfee removal tool.

McAfee Removal Tool - MCPR.exe

 

Then after that reboots again please click on START and type in CMD.EXE and when it shows on the start menu right click over it and choose "Run as administrator"

 

Then in the DOS box type the following line by line and pressing the Enter key after each line.  Write down any error messages you get and post back on your next reply.

 

SC DELETE cfwids
SC DELETE HipShieldK
SC DELETE McAfee SiteAdvisor Service
SC DELETE McAWFwk
SC DELETE McComponentHostService
SC DELETE McMPFSvc
SC DELETE McNaiAnn
SC DELETE McOobeSv
SC DELETE mfefire
SC DELETE mfefirek
SC DELETE mferkdet
SC DELETE mfevtp
SC DELETE mfewfpk
SC DELETE SkypeUpdate
SC DELETE UMVPFSrv

 

Next please run a NEW FRST scan and post back that log as well.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

 

CFScript.txt

Link to post
Share on other sites
cnicklin

cnicklin

Posted
  • Author
Posted

The following messages:

 

SC DELETE cfwids [sC] OpenService FAILED 1060: The specified service does not exist as an installed service.
SC DELETE HipShieldK SUCCESS
SC DELETE McAfee SiteAdvisor Service [sC] OpenService FAILED 1060: The specified service does not exist as an installed service.
SC DELETE McAWFwk SUCCESS
SC DELETE McComponentHostService SUCCESS
SC DELETE McMPFSvc [sC] OpenService FAILED 1060: The specified service does not exist as an installed service.
SC DELETE McNaiAnn [sC] OpenService FAILED 1060: The specified service does not exist as an installed service.
SC DELETE McOobeSv [sC] OpenService FAILED 1060: The specified service does not exist as an installed service.
SC DELETE mfefire [sC] OpenService FAILED 1060: The specified service does not exist as an installed service.
SC DELETE mfefirek [sC] OpenService FAILED 1060: The specified service does not exist as an installed service.
SC DELETE mferkdet [sC] OpenService FAILED 1060: The specified service does not exist as an installed service.
SC DELETE mfevtp [sC] OpenService FAILED 1060: The specified service does not exist as an installed service.
SC DELETE mfewfpk [sC] OpenService FAILED 1060: The specified service does not exist as an installed service.
SC DELETE SkypeUpdate SUCCESS
SC DELETE UMVPFSrv SUCCESS

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04
Ran by Carl (administrator) on 01-08-2013 22:01:16
Running from C:\Users\Carl\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2009-01-13] (Realtek Semiconductor)
HKLM\...\Run: [buffaloTools] - C:\Program Files\BUFFALO\BuffaloTools\BuffaloTools.exe [169336 2010-03-05] (BUFFALO INC.)
HKLM\...\Run: [GuideMenu] - U.EXE -HIDE [x]
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKU\Carl-Jill\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [ 2010-11-20] (Microsoft Corporation)
HKU\Carl-Jill\...\RunOnce: [DPAPIKeyMig] - C:\Windows\system32\dpapimig.exe [ 2009-07-14] (Microsoft Corporation)
Startup: C:\Users\Carl-Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {CE6722A2-4177-447A-9F57-D2069132BE9E} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF7&pc=MDDC&src=IE-SearchBox
SearchScopes: HKCU - {3B61C9E7-9424-486C-B9DC-DE044D3AC688} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
SearchScopes: HKCU - {5AD788AE-0654-4525-B72C-96167BFB9C74} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {CE6722A2-4177-447A-9F57-D2069132BE9E} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF7&pc=MDDC&src=IE-SearchBox
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (SiteAdvisor) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0
CHR Extension: (Gmail) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
S2 ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] ()
S3 RasMan; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-06-03] (SupportSoft, Inc.)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2006-06-14] (Ulead Systems, Inc.)
S3 WebClient; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2009-01-19] (Dell Inc.)
S3 WPDBusEnum; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 WPFFontCache_v0400;

==================== Drivers (Whitelisted) ====================

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-01-19] (Broadcom Corporation)
R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc.sys [39680 2010-01-08] (BUFFALO INC.)
S3 bftpusbx; C:\Windows\System32\drivers\bftpusbx.sys [10624 2010-01-16] (BUFFALO INC.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2012-09-28] (LeapFrog)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [10368 2009-11-01] (InterVideo, Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 pgfilter; C:\Program Files\PeerGuardian2\pgfilter.sys [8192 2007-06-02] ()
S3 catchme; \??\C:\Users\Carl\AppData\Local\Temp\catchme.sys [x]
U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-01 21:21 - 2013-08-01 21:21 - 00010842 _____ C:\ComboFix.txt
2013-08-01 20:42 - 2013-08-01 20:35 - 01222064 _____ (Farbar) C:\Users\Carl\Desktop\FRST.exe
2013-08-01 20:41 - 2013-08-01 20:33 - 03191888 _____ (McAfee, Inc.) C:\Users\Carl\Desktop\MCPR.exe
2013-07-30 21:35 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-30 21:35 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-30 21:35 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-30 21:35 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-30 21:35 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-30 21:35 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-30 21:35 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-30 21:35 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-30 21:34 - 2013-08-01 21:21 - 00000000 ____D C:\Qoobox
2013-07-30 21:33 - 2013-07-30 22:12 - 00000000 ____D C:\Windows\erdnt
2013-07-30 21:33 - 2004-11-14 12:50 - 05095806 ____R (Swearware) C:\Users\Carl\Desktop\ComboFix.exe
2013-07-18 21:45 - 2013-07-18 21:45 - 00000000 ____D C:\FRST
2013-07-18 21:27 - 2013-07-18 21:28 - 00006441 _____ C:\AdwCleaner[s1].txt
2013-07-18 21:26 - 2013-07-18 21:26 - 00080970 _____ C:\Users\Carl\Desktop\JRT.txt
2013-07-18 21:24 - 2004-11-02 12:10 - 00559341 _____ (Oleg N. Scherbakov) C:\Users\Carl\Desktop\JRT.exe
2013-07-18 21:14 - 2013-07-18 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-18 21:11 - 2013-07-18 21:11 - 00004568 _____ C:\Users\Carl\Desktop\RKreport[0]_S_07182013_211121.txt
2013-07-18 21:09 - 2013-07-18 21:12 - 00000000 ____D C:\Users\Carl\Desktop\RK_Quarantine
2013-07-18 21:07 - 2013-07-18 21:25 - 00000000 ____D C:\Windows\ERUNT
2013-07-18 21:07 - 2013-07-18 21:07 - 00000824 _____ C:\Users\Carl\Desktop\NTREGOPT.lnk
2013-07-18 21:07 - 2013-07-18 21:07 - 00000805 _____ C:\Users\Carl\Desktop\ERUNT.lnk
2013-07-18 20:59 - 2013-08-01 20:42 - 00000000 ____D C:\Users\Carl\Documents\System Fix
2013-07-18 20:22 - 2013-07-18 20:22 - 00017408 _____ C:\Users\Carl\Desktop\dds.txt
2013-07-18 20:22 - 2013-07-18 20:22 - 00012460 _____ C:\Users\Carl\Desktop\attach.txt
2013-07-17 21:46 - 2013-07-17 21:46 - 00000000 ____D C:\Users\Carl\Documents\ExamQuest
2013-07-17 20:04 - 2013-07-17 20:04 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-17 20:04 - 2013-07-17 20:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-17 20:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-17 20:02 - 2004-11-01 11:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Carl\Documents\mbam-setup-1.75.0.1300.exe
2013-07-17 19:06 - 2013-07-17 19:06 - 00001025 _____ C:\Users\Carl\Desktop\Eusing Free Registry Cleaner.lnk
2013-07-17 18:59 - 2013-07-17 18:59 - 00000967 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-17 18:59 - 2013-07-17 18:59 - 00000000 ____D C:\Program Files\CCleaner
2013-07-17 18:22 - 2013-07-17 18:22 - 00000000 ____D C:\Users\Carl\malwareBytes
2013-07-17 10:49 - 2013-07-17 10:49 - 10285040 ____R (Malwarebytes Corporation                                    ) C:\Users\Carl\Desktop\New shortcut.lnk
2013-07-15 10:52 - 2013-07-15 10:52 - 00001033 _____ C:\Users\Carl\Desktop\AS+A2 Biology for AQA (2).lnk
2013-07-12 03:14 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 03:14 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 03:14 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 03:14 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 03:14 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 03:14 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 03:14 - 2013-06-12 00:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 03:14 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 03:14 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 03:14 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 03:14 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 03:14 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 03:14 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 03:14 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 03:14 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 03:14 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 19:47 - 2013-06-05 04:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 19:47 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 19:47 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 19:47 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 21:13 - 2013-07-10 21:13 - 00000000 ____D C:\Users\Carl-Jill\Documents\Car
2013-07-03 20:09 - 2013-07-03 20:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-03 20:07 - 2013-07-03 20:09 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-03 20:07 - 2013-07-03 20:09 - 00000000 ____D C:\Program Files\iTunes
2013-07-03 19:57 - 2013-07-03 19:57 - 00001817 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

==================== One Month Modified Files and Folders =======

2013-08-01 21:46 - 2012-11-11 23:00 - 00730320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-01 21:41 - 2012-11-11 22:34 - 00056714 _____ C:\Windows\PFRO.log
2013-08-01 21:40 - 2009-10-22 22:01 - 00000000 ____D C:\ProgramData\McAfee
2013-08-01 21:39 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\config\Journal
2013-08-01 21:38 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-01 21:21 - 2013-08-01 21:21 - 00010842 _____ C:\ComboFix.txt
2013-08-01 21:21 - 2013-07-30 21:34 - 00000000 ____D C:\Qoobox
2013-08-01 21:19 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-08-01 20:42 - 2013-07-18 20:59 - 00000000 ____D C:\Users\Carl\Documents\System Fix
2013-08-01 20:35 - 2013-08-01 20:42 - 01222064 _____ (Farbar) C:\Users\Carl\Desktop\FRST.exe
2013-08-01 20:33 - 2013-08-01 20:41 - 03191888 _____ (McAfee, Inc.) C:\Users\Carl\Desktop\MCPR.exe
2013-07-31 01:54 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-07-30 22:12 - 2013-07-30 21:33 - 00000000 ____D C:\Windows\erdnt
2013-07-30 21:38 - 2012-11-11 23:39 - 00001830 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk
2013-07-30 21:18 - 2012-11-11 22:04 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 21:18 - 2012-11-11 22:04 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 21:56 - 2009-10-29 21:28 - 00000000 ____D C:\Users\Carl\Tracing
2013-07-18 21:45 - 2013-07-18 21:45 - 00000000 ____D C:\FRST
2013-07-18 21:28 - 2013-07-18 21:27 - 00006441 _____ C:\AdwCleaner[s1].txt
2013-07-18 21:26 - 2013-07-18 21:26 - 00080970 _____ C:\Users\Carl\Desktop\JRT.txt
2013-07-18 21:25 - 2013-07-18 21:07 - 00000000 ____D C:\Windows\ERUNT
2013-07-18 21:23 - 2013-07-18 21:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-18 21:12 - 2013-07-18 21:09 - 00000000 ____D C:\Users\Carl\Desktop\RK_Quarantine
2013-07-18 21:11 - 2013-07-18 21:11 - 00004568 _____ C:\Users\Carl\Desktop\RKreport[0]_S_07182013_211121.txt
2013-07-18 21:07 - 2013-07-18 21:07 - 00000824 _____ C:\Users\Carl\Desktop\NTREGOPT.lnk
2013-07-18 21:07 - 2013-07-18 21:07 - 00000805 _____ C:\Users\Carl\Desktop\ERUNT.lnk
2013-07-18 20:22 - 2013-07-18 20:22 - 00017408 _____ C:\Users\Carl\Desktop\dds.txt
2013-07-18 20:22 - 2013-07-18 20:22 - 00012460 _____ C:\Users\Carl\Desktop\attach.txt
2013-07-17 21:46 - 2013-07-17 21:46 - 00000000 ____D C:\Users\Carl\Documents\ExamQuest
2013-07-17 20:04 - 2013-07-17 20:04 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-17 20:04 - 2013-07-17 20:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-17 19:06 - 2013-07-17 19:06 - 00001025 _____ C:\Users\Carl\Desktop\Eusing Free Registry Cleaner.lnk
2013-07-17 18:59 - 2013-07-17 18:59 - 00000967 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-17 18:59 - 2013-07-17 18:59 - 00000000 ____D C:\Program Files\CCleaner
2013-07-17 18:22 - 2013-07-17 18:22 - 00000000 ____D C:\Users\Carl\malwareBytes
2013-07-17 18:22 - 2012-11-11 22:06 - 00000000 ____D C:\Users\Carl
2013-07-17 18:18 - 2009-07-14 05:53 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-17 10:49 - 2013-07-17 10:49 - 10285040 ____R (Malwarebytes Corporation                                    ) C:\Users\Carl\Desktop\New shortcut.lnk
2013-07-16 22:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-07-15 10:52 - 2013-07-15 10:52 - 00001033 _____ C:\Users\Carl\Desktop\AS+A2 Biology for AQA (2).lnk
2013-07-14 13:31 - 2012-11-11 22:49 - 01974952 _____ C:\Windows\WindowsUpdate.log
2013-07-14 11:17 - 2012-06-01 08:14 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-14 11:17 - 2011-06-15 20:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-14 11:09 - 2012-09-03 21:37 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-14 11:07 - 2009-10-30 09:28 - 00000000 ____D C:\Users\Carl\AppData\Local\Adobe
2013-07-14 10:53 - 2009-07-14 05:39 - 01849505 _____ C:\Windows\setupact.log
2013-07-12 21:30 - 2009-11-01 20:28 - 00000000 ____D C:\Carl's Stuff
2013-07-12 03:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 03:37 - 2009-07-14 05:33 - 00412904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 03:36 - 2009-10-22 21:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 03:35 - 2009-07-14 08:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 03:35 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 03:16 - 2006-11-02 11:23 - 00000272 _____ C:\Windows\win.ini
2013-07-12 03:09 - 2012-12-17 21:49 - 75699896 _____ (Microsoft Corporation)W5=ɩy@NJ~=߹:03fu2M
wI?7aI+e2BR,,MA{甿(L'tbe7. b*e
V]Uq+Z;!m`.&=UǁÆJdW{>BuQA-竧LqB.MS?G}to2uNl8p}5]V;-h]乯I mlQe_v.bYMblEvc CuWVlrE~#B/prL ,pQhٴjOTХZYTdOGcA8Gg2Q}o\lA#Ghr2Wݝݻ-JAIЯ[8eL ɏRoYԭG:a튠Q%_׽ejCT*Q mV/Lc Ӌdy]rW Ak,<B0a*
*H]+u="XݿQUS:aӲɚ0 GZh2ZړS28I>znz£d PSE;iqeat8 XZnz܄FM>:x:{0}a8߲_\y_{|!
,灊BIoj7\mY<dWO$#0UUlCq (75tΨL҃>fbhMz
;5^<_I9ͬ<CU6%˶=hcn0Ҙ>eԠZtoFů
k$Zֺ ŕk:ZYTC5ea?/T]  }fkT[98X/Yp1:bMbK/FD~NbP[ER,6rn8-ՀSBYxUۢܺOwN;:xx6k^N8іG'}*]
0M[x;7FPF֢qƈ*L$?oZ4kgӌk -FjIgd]g?8VBF+<!=zNNL.^dEGv#EWM
7h 2,:L>Ɂ>"[j*8ɡ]XTjPPu@pZVndÝ mj,a5BXWىܱKI
2a%3zl9_/.&XMEӉk
/iL65Qn/? {ف.s
H@XQ ~$7myUԳD(]q
/ǹ0뽩Lf*f0XǨs"7Wf%d

 

 

ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-07-2013 04
Ran by Carl at 2013-08-01 22:02:17
Running from C:\Users\Carl\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Installed Programs =======================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Additional ActiveTeach (Version: 1.00.0000)
Additional TTPP (Version: 1.00.0000)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.3 (Version: 9.5.3)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
AS+A2 Biology for AQA (Version: 1.0.0.0)
Bonjour (Version: 3.0.0.10)
BUFFALO BuffaloTools Launcher
BUFFALO TurboCopy
BUFFALO TurboPC for FLASH/HDD
Bullzip PDF Printer 7.1.0.1218 (Version: 7.1.0.1218)
CameraHelperMsi (Version: 13.25.1010.0)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.4.0.9)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.3.0.8)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
CANON iMAGE GATEWAY Registration Guide (Version: 1.0.0.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.3.1.5)
Canon Internet Library for ZoomBrowser EX (Version: 1.5.1.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.4.0.14)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.7.0.8)
Canon Utilities ZoomBrowser EX (Version: 5.8.0.74)
CCleaner (Version: 3.25)
Championship Manager 2007 (Version: 7.0.0)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
CM 03-04 (Version: 4.1.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Copy+
Corel GuideMenu (Version: 1.00.0000)
D3DX10 (Version: 15.4.2368.0902)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
Driver Mender (Version: 8.0.1)
erLT (Version: 1.20.138.34)
ERUNT 1.1j
Extension ActiveTeach (Version: 1.00.0000)
Extension TTPP (Version: 1.00.0000)
Google Chrome (Version: 28.0.1500.72)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
GoToAssist 8.0.0.514
GPL Ghostscript Lite 8.70
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
InterVideo WinDVD SE (Version: 8.0-B6.196)
iPod for Windows 2005-09-06 (Version: 3.8.0)
iTunes (Version: 11.0.4.4)
Java 6 Update 13 (Version: 6.0.130)
Junk Mail filter update (Version: 15.4.3502.0922)
LeapFrog Connect (Version: 4.2.9.15649)
LeapFrog Tag Plugin (Version: 4.2.9.15649)
Logitech Vid HD (Version: 7.2 (7248))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.20.1166.0)
LWS Gallery (Version: 13.20.1166.0)
LWS Help_main (Version: 13.25.1016.0)
LWS Launcher (Version: 13.20.1166.0)
LWS Motion Detection (Version: 13.20.1176.0)
LWS Pictures And Video (Version: 13.25.1010.0)
LWS Twitter (Version: 13.20.1166.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.25.1005.0)
LWS Webcam Software (Version: 13.20.1168.0)
LWS WLM Plugin (Version: 1.20.1166.0)
LWS YouTube Plugin (Version: 13.20.1166.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.20.8730.4)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nikon Message Center 2 (Version: 2.1.0)
Nikon Movie Editor (Version: 2.3.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Onzo Uploader (Version: 1.14.675)
PC Connectivity Solution (Version: 8.47.7.0)
PDFCreator (Version: 1.1.0)
PeerGuardian 2.0 (Version: 2.1.0.2)
Picture Control Utility (Version: 1.4.2)
Planning and Personalisation Tool (Version: 1.0.8)
Planning and Personalisation Tool (Version: 1.0.9)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver
Roxio Burn (Version: 1.0)
Roxio Burn (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
SAMSUNG SYMBIAN USB Download Driver (Version: 1.1.808.7165)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
SamsungConnectivityCableDriver (Version: 6.83.6.2.1)
Science ActiveTeach (Version: 1.00.0000)
Science AP (Version: 1.00.0000)
Science TTPP (Version: 1.00.0000)
Segoe UI (Version: 15.4.2271.0615)
Shared C Run-time for x86 (Version: 10.0.0)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
swMSM (Version: 12.0.0.1)
TomTom HOME 2.7.3.1894 (Version: 2.7.3.1894)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Twenty First Century Additional Applied Science iPack (Version: 1.00.0000)
Twenty First Century Additional Science iPack (Version: 1.00.0000)
Twenty First Century Science iPack (Version: 1.00.0000)
Ulead DVD MovieFactory SE (Version: 5.6)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (Version: 4.2.9.15649)
ViewNX 2 (Version: 2.3.0)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinZip (Version:  8.1  (4331))
Yahoo! Install Manager
Year 7 ActiveTeach (Version: 1.0.0)
Year 7 Activity Pack (Version: 1.0.0)
Year 7 Assessment Pack (Version: 1.0.0)
Year 7 Planning Guide (Version: 1.0.0)
Year 8 ActiveTeach (Version: 1.0.0)
Year 8 Activity Pack (Version: 1.0.0)
Year 8 Assessment Pack (Version: 1.0.0)
Year 8 Planning Guide (Version: 1.0.0)
Year 9 ActiveTeach (Version: 1.0.0)
Year 9 Activity Pack (Version: 1.0.0)
Year 9 Assessment Pack (Version: 1.0.0)
Year 9 Planning Guide (Version: 1.0.0)
 

.

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please delete your current copy of combofix and download a new fresh copy and run it.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites
cnicklin

cnicklin

Posted
  • Author
Posted

Once again thanks for your continued help it is greatly appreciated.  Are we getting any closer to resolving my issues?  Here is my ComboFix log.

 

ComboFix 13-08-02.03 - Carl 03/08/2013  20:55:15.3.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3317.2804 [GMT 1:00]
Running from: c:\users\Carl\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-03 to 2013-08-03  )))))))))))))))))))))))))))))))
.
.
2013-08-03 20:03 . 2013-08-03 20:03 -------- d-----w- c:\users\Jill-Carl\AppData\Local\temp
2013-08-03 20:03 . 2013-08-03 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-03 20:03 . 2013-08-03 20:03 -------- d-----w- c:\users\Carl-Jill\AppData\Local\temp
2013-08-01 20:21 . 2013-08-03 20:03 -------- d-----w- c:\users\Carl\AppData\Local\temp
2013-07-18 20:45 . 2013-07-18 20:45 -------- d-----w- C:\FRST
2013-07-18 20:14 . 2013-07-18 20:23 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-18 20:07 . 2013-07-18 20:25 -------- d-----w- c:\windows\ERUNT
2013-07-17 19:04 . 2013-07-17 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-17 19:04 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-17 19:04 . 2013-07-17 19:04 -------- d-----w- c:\users\Carl\AppData\Local\Programs
2013-07-17 17:59 . 2013-07-17 17:59 -------- d-----w- c:\program files\CCleaner
2013-07-17 17:22 . 2013-07-17 17:22 -------- d-----w- c:\users\Carl\malwareBytes
2013-07-11 18:47 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 18:47 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 18:47 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 18:47 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 18:47 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 18:47 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 18:47 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 18:47 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 18:47 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-11 18:47 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-11 18:47 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-14 10:17 . 2012-06-01 07:14 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-14 10:17 . 2011-06-15 19:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-06 19:15 . 2013-03-12 21:07 523685 ----a-w- c:\windows\system32\~.tmp
2013-05-13 04:45 . 2013-06-12 18:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 18:42 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 18:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-12 18:42 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 18:42 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-12 18:42 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-12 18:42 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 18:42 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-12 18:42 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GuideMenu"="U.EXE -HIDE" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6609440]
"BuffaloTools"="c:\program files\BUFFALO\BuffaloTools\BuffaloTools.exe" [2010-03-05 169336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-01-13 81920]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-13 193816]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-21 136176]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-13 240408]
R3 bftpusbx;BUFFALO TurboPC USB Filter;c:\windows\system32\drivers\bftpusbx.sys [2010-01-16 10624]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2012-09-28 19456]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-21 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-12 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 bftpdskc;BUFFALO TurboPC Cache Filter;c:\windows\system32\drivers\bftpdskc.sys [2010-01-08 39680]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - cmderd
*Deregistered* - cmdGuard
*Deregistered* - cmdHlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-14 10:06 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-03  21:04:59
ComboFix-quarantined-files.txt  2013-08-03 20:04
ComboFix2.txt  2013-08-01 20:21
ComboFix3.txt  2013-07-30 21:13
.
Pre-Run: 204,768,620,544 bytes free
Post-Run: 204,620,451,840 bytes free
.
- - End Of File - - 204C04FCBEE12DF1905E031DBABD29A4
A36C5E4F47E84449FF07ED3517B43A31
 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Well that log looks much better but not sure we're out of the woods just yet.  Let me have you run the following.

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

    [*]Press "Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply.


 

 

 

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 
 
Then run this one as well.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


 

 

I'll check back on you when I can.   Thanks

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Let's try this tool again.

 

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

Link to post
Share on other sites
cnicklin

cnicklin

Posted
  • Author
Posted

I still have no internet connection on my infected PC so I updated the software on one PC and transferred the directory to the infected PC and ran it.  I also cannot run any programs in normal mode so have to run everything in Safe mode.  Here are the logs.

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.08.06.07

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16635
Carl :: HOME-PC [administrator]

06/08/2013 20:55:10
mbar-log-2013-08-06 (20-55-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 272641
Time elapsed: 7 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 牁慩䄨慲楢⥣紻屻㕦尶扦摩⁩晜睳獩屳捦慨獲瑥㠱尶灦煲′牁慩慂瑬捩紻屻㕦尷扦摩⁩晜睳獩

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.398000 GHz
Memory total: 400777216, free: 127361024

Downloaded database version: v2013.08.06.07
Downloaded database version: v2013.07.29.01
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16635

Java version: 1.6.0_13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.926000 GHz
Memory total: 3478310912, free: 3055792128

Host not found
Initializing...
DDA Driver installation error.
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16635

Java version: 1.6.0_13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.926000 GHz
Memory total: 3478310912, free: 3087654912

Initializing...
------------ Kernel report ------------
     08/06/2013 20:55:06
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\bftpdskc.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\drivers\iviaspi.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\drivers\USBSTOR.SYS
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\shlwapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\sechost.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\imm32.dll
\Windows\System32\psapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\urlmon.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\wininet.dll
\Windows\System32\shell32.dll
\Windows\System32\difxapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\ole32.dll
\Windows\System32\usp10.dll
\Windows\System32\kernel32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\setupapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\iertutil.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff865b3030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000069\
Lower Device Object: 0xffffffff870e1030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff870e0ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000068\
Lower Device Object: 0xffffffff870c7030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff870e0030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000067\
Lower Device Object: 0xffffffff870c79b8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff870e18b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xffffffff870c66d0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff865b8ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xffffffff8659d030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85ecc030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85a56908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85ecc030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff860d0020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85ecd018, DeviceName: Unknown, DriverName: \Driver\bftpdskc\
DevicePointer: 0xffffffff85ecc030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85a63918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85a56908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\bftpdskc\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A0000000

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 128457

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 129024  Numsec = 31457280

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31586304  Numsec = 1218674688
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff865b8ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff865ab020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff865b8ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8659d030, DeviceName: \Device\00000063\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 32  Numsec = 3963872
    Partition file system is FAT
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2029518848 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff870e18b8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff870e1598, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff870e18b8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff870c66d0, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff870e0030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff870c36b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff870e0030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff870c79b8, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff870e0ac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff870e07a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff870e0ac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff870c7030, DeviceName: \Device\00000068\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff865b3030, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff865b3d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff865b3030, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff870e1030, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_31586304_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_32_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Okay, please delete the current copy of combofix and download a new fresh copy from your other computer and copy over to the affected computer and run it.

Then post back the new log.

 

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

 

Also, please try the same thing with this tool.

 

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 
 
 
and this one too.   We need to see if one of the services is screwed up causing this
 
 
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

    [*]Press "Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply.


 

Link to post
Share on other sites
cnicklin

cnicklin

Posted
  • Author
Posted

Here are the log files as requested.

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Carl (administrator) on 07-08-2013 at 22:05:16
Running from "C:\Users\Carl\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

 

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Home-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
   Physical Address. . . . . . . . . : 0C-60-76-61-CA-00
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9d30:c7b3:1e33:3981%11(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.57.129(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-25-64-D3-5D-71
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{33585A1F-6F5D-48E9-A812-384736288978}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.0.1

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  192.168.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Unable to contact IP driver. General failure.
===========================================================================
Interface List
 11...0c 60 76 61 ca 00 ......Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
 10...00 25 64 d3 5d 71 ......Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link    169.254.57.129    281
   169.254.57.129  255.255.255.255         On-link    169.254.57.129    281
  169.254.255.255  255.255.255.255         On-link    169.254.57.129    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    169.254.57.129    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    169.254.57.129    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::9d30:c7b3:1e33:3981/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/07/2013 09:46:52 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (08/07/2013 09:46:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.

Operation:
   Instantiating VSS server

Error: (08/07/2013 09:46:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]

Operation:
   Instantiating VSS server

Error: (08/07/2013 09:46:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 10:25:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 08:55:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 08:32:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 08:28:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 09:28:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 09:25:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (08/07/2013 10:04:17 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/07/2013 10:04:11 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/07/2013 10:04:04 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/07/2013 10:04:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/07/2013 10:04:00 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service depends the following service: NSI. This service might not be installed.

Error: (08/07/2013 10:04:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/07/2013 10:04:00 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service depends the following service: NSI. This service might not be installed.

Error: (08/07/2013 10:04:00 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends the following service: NSI. This service might not be installed.

Error: (08/07/2013 10:04:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/07/2013 10:04:00 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service depends the following service: NSI. This service might not be installed.

Microsoft Office Sessions:
=========================
Error: (08/07/2013 09:46:52 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (08/07/2013 09:46:52 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

Operation:
   Instantiating VSS server

Error: (08/07/2013 09:46:52 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

Operation:
   Instantiating VSS server

Error: (08/07/2013 09:46:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 10:25:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 08:55:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 08:32:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 08:28:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 09:28:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 09:25:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2013-07-17 20:23:57.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-17 20:23:57.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-17 20:23:57.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 22:15:59.399
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 22:14:39.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 22:07:02.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 22:03:17.288
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 22:01:58.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 21:58:59.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-06-01 21:54:42.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Additional ActiveTeach (Version: 1.00.0000)
Additional TTPP (Version: 1.00.0000)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.3 (Version: 9.5.3)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
AS+A2 Biology for AQA (Version: 1.0.0.0)
Bonjour (Version: 3.0.0.10)
BUFFALO BuffaloTools Launcher
BUFFALO TurboCopy
BUFFALO TurboPC for FLASH/HDD
Bullzip PDF Printer 7.1.0.1218 (Version: 7.1.0.1218)
CameraHelperMsi (Version: 13.25.1010.0)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.4.0.9)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.3.0.8)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
CANON iMAGE GATEWAY Registration Guide (Version: 1.0.0.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.3.1.5)
Canon Internet Library for ZoomBrowser EX (Version: 1.5.1.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.4.0.14)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.7.0.8)
Canon Utilities ZoomBrowser EX (Version: 5.8.0.74)
CCleaner (Version: 3.25)
Championship Manager 2007 (Version: 7.0.0)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
CM 03-04 (Version: 4.1.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Copy+
Corel GuideMenu (Version: 1.00.0000)
D3DX10 (Version: 15.4.2368.0902)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
Driver Mender (Version: 8.0.1)
erLT (Version: 1.20.138.34)
ERUNT 1.1j
Extension ActiveTeach (Version: 1.00.0000)
Extension TTPP (Version: 1.00.0000)
Google Chrome (Version: 28.0.1500.72)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
GoToAssist 8.0.0.514
GPL Ghostscript Lite 8.70
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
InterVideo WinDVD SE (Version: 8.0-B6.196)
iPod for Windows 2005-09-06 (Version: 3.8.0)
iTunes (Version: 11.0.4.4)
Java 6 Update 13 (Version: 6.0.130)
Junk Mail filter update (Version: 15.4.3502.0922)
LeapFrog Connect (Version: 4.2.9.15649)
LeapFrog Tag Plugin (Version: 4.2.9.15649)
Logitech Vid HD (Version: 7.2 (7248))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.20.1166.0)
LWS Gallery (Version: 13.20.1166.0)
LWS Help_main (Version: 13.25.1016.0)
LWS Launcher (Version: 13.20.1166.0)
LWS Motion Detection (Version: 13.20.1176.0)
LWS Pictures And Video (Version: 13.25.1010.0)
LWS Twitter (Version: 13.20.1166.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.25.1005.0)
LWS Webcam Software (Version: 13.20.1168.0)
LWS WLM Plugin (Version: 1.20.1166.0)
LWS YouTube Plugin (Version: 13.20.1166.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.20.8730.4)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nikon Message Center 2 (Version: 2.1.0)
Nikon Movie Editor (Version: 2.3.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Onzo Uploader (Version: 1.14.675)
PC Connectivity Solution (Version: 8.47.7.0)
PDFCreator (Version: 1.1.0)
PeerGuardian 2.0 (Version: 2.1.0.2)
Picture Control Utility (Version: 1.4.2)
Planning and Personalisation Tool (Version: 1.0.8)
Planning and Personalisation Tool (Version: 1.0.9)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver
Roxio Burn (Version: 1.0)
Roxio Burn (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
SAMSUNG SYMBIAN USB Download Driver (Version: 1.1.808.7165)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
SamsungConnectivityCableDriver (Version: 6.83.6.2.1)
Science ActiveTeach (Version: 1.00.0000)
Science AP (Version: 1.00.0000)
Science TTPP (Version: 1.00.0000)
Segoe UI (Version: 15.4.2271.0615)
Shared C Run-time for x86 (Version: 10.0.0)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
swMSM (Version: 12.0.0.1)
TomTom HOME 2.7.3.1894 (Version: 2.7.3.1894)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Twenty First Century Additional Applied Science iPack (Version: 1.00.0000)
Twenty First Century Additional Science iPack (Version: 1.00.0000)
Twenty First Century Science iPack (Version: 1.00.0000)
Ulead DVD MovieFactory SE (Version: 5.6)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (Version: 4.2.9.15649)
ViewNX 2 (Version: 2.3.0)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinZip (Version:  8.1  (4331))
Yahoo! Install Manager
Year 7 ActiveTeach (Version: 1.0.0)
Year 7 Activity Pack (Version: 1.0.0)
Year 7 Assessment Pack (Version: 1.0.0)
Year 7 Planning Guide (Version: 1.0.0)
Year 8 ActiveTeach (Version: 1.0.0)
Year 8 Activity Pack (Version: 1.0.0)
Year 8 Assessment Pack (Version: 1.0.0)
Year 8 Planning Guide (Version: 1.0.0)
Year 9 ActiveTeach (Version: 1.0.0)
Year 9 Activity Pack (Version: 1.0.0)
Year 9 Assessment Pack (Version: 1.0.0)
Year 9 Planning Guide (Version: 1.0.0)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 11%
Total physical RAM: 3317.18 MB
Available physical RAM: 2946.54 MB
Total Pagefile: 6632.64 MB
Available Pagefile: 6279.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.86 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:581.11 GB) (Free:190.93 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.29 GB) NTFS
3 Drive e: (130717_1726) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
8 Drive l: (FULLARTON) (Removable) (Total:1.89 GB) (Free:0.45 GB) FAT

========================= Users: ========================================

User accounts for \\

Administrator            Carl                     Carl-Jill               
Guest                    Jill-Carl               

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

 

Farbar Service Scanner Version: 04-08-2013
Ran by Carl (administrator) on 07-08-2013 at 22:08:31
Running from "C:\Users\Carl\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

PlugPlay Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-11 19:47] - [2013-05-27 05:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

combo fix log.txt

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

There we go, that shows why the network is not working.   Please download MBAR and extract the files and in there you'll find in the plugin folder a file named FIXDAMAGE.EXE please copy that to the affected computer, then right click over it and choose "Run as administrator and reboot the computer.

 

Then let me know if that fixed the network or not.

 

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial
 

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

 

Link to post
Share on other sites
cnicklin

cnicklin

Posted
  • Author
Posted

No it has not fixed my internet connection still the same.  I ran the fix it item and it ran and rebotted but did not seem to fix it.  I then ran MBAR but it culd not update but here are the logs.

 

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.07.08

Windows 7 Service Pack 1 x86 FAT (Safe Mode/Networking)
Internet Explorer 10.0.9200.16635
Carl :: HOME-PC [administrator]

11/08/2013 14:53:34
mbar-log-2013-08-11 (14-53-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 272742
Time elapsed: 10 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

----------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16635

Java version: 1.6.0_13

File system is: FAT
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.926000 GHz
Memory total: 3478310912, free: 3079573504

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16635

Java version: 1.6.0_13

File system is: FAT
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.926000 GHz
Memory total: 3478310912, free: 3085901824

Initializing...
------------ Kernel report ------------
     08/11/2013 14:51:58
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\bftpdskc.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\drivers\iviaspi.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\system32\drivers\USBSTOR.SYS
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\normaliz.dll
\Windows\System32\shlwapi.dll
\Windows\System32\shell32.dll
\Windows\System32\msctf.dll
\Windows\System32\iertutil.dll
\Windows\System32\kernel32.dll
\Windows\System32\setupapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\user32.dll
\Windows\System32\lpk.dll
\Windows\System32\ole32.dll
\Windows\System32\usp10.dll
\Windows\System32\gdi32.dll
\Windows\System32\imm32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\Wldap32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\sechost.dll
\Windows\System32\ws2_32.dll
\Windows\System32\advapi32.dll
\Windows\System32\urlmon.dll
\Windows\System32\imagehlp.dll
\Windows\System32\wininet.dll
\Windows\System32\difxapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\nsi.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff8707bac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000069\
Lower Device Object: 0xffffffff87058498
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff87078ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000068\
Lower Device Object: 0xffffffff87056498
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff87075ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000067\
Lower Device Object: 0xffffffff87053498
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8715a160
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xffffffff87047498
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8707cac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xffffffff8659b4f8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85ecc030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85a56908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85ecc030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85ecc908, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85ecd018, DeviceName: Unknown, DriverName: \Driver\bftpdskc\
DevicePointer: 0xffffffff85ecc030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8515c900, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85a56908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\bftpdskc\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A0000000

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 128457

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 129024  Numsec = 31457280

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31586304  Numsec = 1218674688
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8707cac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff865b0500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8707cac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8659b4f8, DeviceName: \Device\00000063\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 32  Numsec = 3963872
    Partition file system is FAT
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2029518848 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8715a160, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87052500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8715a160, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87047498, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff87075ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87054500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87075ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87053498, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff87078ac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8705b500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87078ac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87056498, DeviceName: \Device\00000068\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff8707bac8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8705c500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8707bac8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87058498, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_31586304_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_32_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept