Jump to content

Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)

ralphyde

By ralphyde
in Resolved Malware Removal Logs

 Share

Recommended Posts

ralphyde

ralphyde

Posted
Posted

This topic was transferred from the PC General Help forum at

https://forums.malwarebytes.org/index.php?showtopic=133977

 

by request of Ron Lewis.

 

That topic was transferred from this forum to PC General Help where it was originally:

https://forums.malwarebytes.org/index.php?showtopic=133795

 

 

Ron said; "Please go back into the Malware removal forum and start a new topic and link to this one and ask for me and we'll do some deeper scans for malware and I'll automate getting one or more of the dump files for you."

 

The specific problem we got hung up on is that I have been unable to Zip the Minidump dmp files for further debugging, because permission to read has been disabled, possibly due to malware changes.

 

Malwarebytes Pro finds no malware, now, but in the past I had several trojans removed, including Exploit, Open-Candy, and another I can't recall the name of now.  There was also a program called "Smart PC Fix" which I never executed, but which appeared on my desktop for awhile.

 

Thanks for your help,

Link to post
Share on other sites
  • Replies 53
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hello

Before we get started please read the following and post back the requested logs. I would like to scan the system for potential threats myself and then we'll move on from there. Thanks

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes

so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies

that stop us from using certain tools. When finished it will display a log file that shows the processes that were

terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot

your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Link to post
Share on other sites
ralphyde

ralphyde

Posted
  • Author
Posted

Had to run this in Safe Mode with Networking, as normal startup

would only run for a few minutes without freezing up, requiring forced shutdown.

 

Here's the Rkill run:  This was previously run a few weeks ago, but I downloaded a fresh copy.

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/13/2013 11:22:22 AM in x86 mode. (Safe Mode)
Windows Version: Windows Vista Home Premium Service Pack 2
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
 
Program finished at: 10/13/2013 11:29:26 AM
Execution time: 0 hours(s), 7 minute(s), and 3 seconds(s)
 
================================================================================
 
And here's the Rogue Killer report:
 
 
RogueKiller V8.7.2 [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Ralph [Admin rights]
Mode : Scan -- Date : 10/13/2013 11:40:16
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] rkill.exe -- C:\Users\Ralph\Desktop\Deskwork\rkill.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0xc000035f] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
::1             localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - FUJITSU MHW2160BH PL +++++
--- User ---
[MBR] 9e2fd599296073dbf6da1665ac9a2b36
[bSP] fc0efc322d8cf965cac6c810b687e040 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 10268 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21029085 | Size: 142357 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_10132013_114016.txt >>
 
============================================================================
 
Thanks for your help.
 
 
 
 
 
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites
ralphyde

ralphyde

Posted
  • Author
Posted

Heres the file from Combofix:

 

Once it started it said it didn't have Administrator privileges.  I didn't know how to do anything at that point

so I let it continue.

 

It had also said MSE was running, but I had unchecked the box.  Also Windows showed it as disabled because 

I was running in Safe Mode with Networking, because my normal startup would freeze after a minute or two.

 

I hope the output is satisfactory.  Thanks

 

=========================================================================

 

ComboFix 13-10-13.02 - Ralph 10/13/2013  15:57:18.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2038.1443 [GMT -7:00]
Running from: c:\users\Ralph\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1361814573.bdinstall.bin
c:\programdata\1373662743.bdinstall.bin
c:\users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
c:\windows\system32\~GLU0000.TMP
c:\windows\system32\~GLU0001.TMP
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-13 to 2013-10-13  )))))))))))))))))))))))))))))))
.
.
2013-10-13 23:11 . 2013-10-13 23:11 -------- d-----w- c:\users\Ralph\AppData\Local\temp
2013-10-13 18:37 . 2013-10-13 18:37 26624 ----a-w- c:\windows\system32\TrueSight.sys
2013-10-13 18:29 . 2013-10-13 18:29 -------- d-----w- c:\program files\ERUNT
2013-10-13 17:44 . 2013-10-13 17:44 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A9291C32-F371-4B14-A002-BF391FFDAB79}\MpKsl58a0a3eb.sys
2013-10-13 04:04 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A9291C32-F371-4B14-A002-BF391FFDAB79}\mpengine.dll
2013-10-12 17:04 . 2013-10-12 17:05 -------- d-----w- C:\d37cb711f4669170007b7c06
2013-10-12 00:29 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-11 20:17 . 2013-10-11 20:18 -------- d-----w- C:\c0064fe9fba931b6ef
2013-10-11 18:33 . 2013-10-11 18:33 -------- d-----w- C:\cae8e13b0f4073a46ca470
2013-10-11 18:01 . 2013-10-11 18:01 -------- d-----w- C:\2f4fe8f68cccaeb0c81653a992865799
2013-10-10 19:51 . 2013-10-10 20:00 -------- d-----w- c:\program files\Filzip
2013-10-10 17:11 . 2013-10-10 17:11 -------- d-----w- C:\7072a0582fb67f1ce4
2013-10-10 04:37 . 2013-06-29 02:07 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-10 04:37 . 2013-06-29 02:07 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-10 04:37 . 2013-06-29 02:07 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-10 04:37 . 2013-06-29 02:06 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-10 04:37 . 2011-05-05 13:54 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-10 04:37 . 2011-05-05 13:54 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-10 04:37 . 2013-07-12 09:04 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-10-10 04:37 . 2013-06-26 23:01 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 04:33 . 2013-06-04 04:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-10 04:33 . 2013-06-04 01:49 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-10-10 04:32 . 2013-07-04 04:21 532480 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 04:32 . 2013-07-03 02:33 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-10-10 04:32 . 2013-07-03 02:10 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-08 23:52 . 2013-10-08 23:52 -------- d-----w- C:\found.010
2013-10-08 09:51 . 2013-10-08 09:51 -------- d-----w- C:\found.009
2013-09-25 21:08 . 2013-09-25 21:08 -------- d-----w- c:\program files\ESET
2013-09-23 18:13 . 2013-09-23 18:13 -------- d-----w- C:\found.008
2013-09-23 08:13 . 2013-09-23 08:13 -------- d-----w- C:\found.007
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 19:17 . 2012-09-20 15:41 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 19:17 . 2011-07-05 19:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-06 03:50 . 2013-09-06 03:52 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A862CD4-4029-4F66-973D-CE99A48BCE04}\gapaengine.dll
2013-08-23 03:35 . 2013-03-12 23:42 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-15 21:50 . 2013-08-15 21:57 31744 ----a-w- c:\windows\system32\cscapi.dll
2013-08-05 04:49 . 2013-08-05 04:48 481336 ----a-w- c:\windows\system32\cc_20130804_214808.reg
2013-08-02 04:09 . 2013-08-28 17:29 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-17 19:41 . 2013-08-14 16:37 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-16 04:35 . 2013-09-12 03:23 615936 ----a-w- c:\windows\system32\themeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-07-23 09:46 1451680 ----a-w- c:\program files\Microsoft\BingBar\7.2.241.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 6520 series (NET)"="c:\program files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 995176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SOSUAUI"="c:\program files\Malwarebytes Secure Backup\sosuploadagent.exe" [2013-08-15 55192]
"SMessaging"="c:\program files\Malwarebytes Secure Backup\SMessaging.exe" [2013-08-15 64408]
.
c:\users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 6520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2AI3526V05XP;CONNECTION=NW;MONITOR=1; [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ralph^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 05:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-30 17:40 133104 ----atw- c:\users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 04:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-02-12 20:37 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 04:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 14:50 2656528 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-09 01:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-12-16 23:44 479232 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 04:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 10:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-07-27 16:48 405504 ----a-w- c:\windows\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Singlesnet]
2009-12-10 17:32 2797096 ----a-w- c:\program files\Singlesnet\Singlesnet\Singlesnet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spare Backup]
2007-07-13 23:19 5252936 ----a-w- c:\program files\Spare Backup\SpareBackup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-02-16 04:50 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2013-07-02 18:19 248208 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-05 18:08 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 19:17]
.
2013-10-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-03-27 22:46]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-05 22:19]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-05 22:19]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job
- c:\users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-02 17:40]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job
- c:\users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-02 17:40]
.
2013-10-02 c:\windows\Tasks\Malwarebytes Secure Backup - ralphyde@centurytel.net.job
- c:\program files\Malwarebytes Secure Backup\sosuploadagent.exe [2013-08-15 23:40]
.
2013-10-13 c:\windows\Tasks\Online Backup Update Notifier.job
- c:\program files\Malwarebytes Secure Backup\SUpdateNotifier.exe [2013-08-15 23:40]
.
2013-01-28 c:\windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job
- c:\users\ralph\appdata\local\google\chrome\application\chrome.exe [2009-10-02 08:07]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: google.com\picasaweb
TCP: DhcpNameServer = 192.168.0.1 64.91.3.46
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BigFix - c:\program files\Bigfix\bigfix.exe
MSConfigStartUp-Garmin Lifetime Updater - c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Ralph\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-13 16:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-10-13  16:14:40
ComboFix-quarantined-files.txt  2013-10-13 23:14
.
Pre-Run: 76,102,336,512 bytes free
Post-Run: 76,413,284,352 bytes free
.
- - End Of File - - 936146186D01DF43E7D578AF243BBEFA
5C616939100B85E558DA92B899A0FC36
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Okay, no problem.  Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.



STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites
ralphyde

ralphyde

Posted
  • Author
Posted

On Step 03:

 

The Malwarebytes Anti-rootkit scan finished.

 

The messages at the end said:

"Scan finished.  No Malware found."

 

And Cleanup:

"Congratulations, no cleanup is required."

 

So here's the log:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.463000 GHz
Memory total: 2136670208, free: 1358426112
 
Downloaded database version: v2013.10.14.01
Downloaded database version: v2013.10.11.02
Initializing...
======================
------------ Kernel report ------------
     10/13/2013 20:03:45
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\Cdr4_xp.SYS
\SystemRoot\System32\Drivers\Cdralw2k.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\RTL8187B.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\drivers\RTSTOR.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff864316f0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff85a23030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff864316f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86431310, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff864316f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85a1f758, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85a23030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2FF13A2
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 21029022
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 21029085  Numsec = 291547620
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 160041885696 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Scan finished
 
 
Now I'll get busy on the other steps.  Thanks
Link to post
Share on other sites
ralphyde

ralphyde

Posted
  • Author
Posted

Step 04:

 

JRT.txt: follows:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows Vista Home Premium x86
Ran by Ralph on Sun 10/13/2013 at 22:00:43.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182204}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Ralph\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Ralph\appdata\local\coupon companion plugin"
Successfully deleted: [Folder] "C:\Users\Ralph\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Ralph\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Ralph\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Ralph\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\bigfix"
Successfully deleted: [Folder] "C:\Program Files\conduitengine"
Successfully deleted: [Folder] "C:\Program Files\ilivid"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{000BADEC-75AC-458A-9A76-6F53F499B770}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{000F4981-936C-4983-B7DD-076A78B1EBB3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0042B3B4-EF0D-47D7-A332-57D55F74470C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{004E22C6-F701-467A-8224-D99E46EEC60D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0086379A-A6E7-42A8-A0C5-485DC83C4FC6}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{00F2B95B-3966-4A43-AD59-2519A7C1323B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{01203416-27EB-47DF-9AE5-36AD0CB853F7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0135FBB8-620D-4F17-AB21-F4432658AD52}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{015C8A29-E6C1-447E-9A18-E794DD9A1745}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{016E31EE-62F1-48B9-8299-1519E35FC0ED}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{01AFC379-1E8E-45F7-9B02-32720B21EA25}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{01EB83F6-A5A5-41F5-963B-8ED2A5112502}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{01F195AE-9E45-4B80-BBBD-137C9A360980}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0209FC72-0BB1-4D64-B504-079BC45AF213}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0241F594-E76A-4118-97F9-C48D8878B549}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0251788F-B46F-4269-9B45-C657D711ECCB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{02567D12-77BB-4C9C-AD6B-DA622452B623}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{02622A08-B220-4E4F-BE8E-28EE35B4BA0F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{026265EA-49AB-48F3-95F3-BC0ABF0DF820}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{026319B7-705B-4B67-96E3-8D56D67659EA}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{02900D97-11B4-407F-9A75-E1B20F498DFF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{03305CCA-85A3-4498-A492-1746920CAB62}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{033482DF-CA61-4B22-8427-8E079DF0F8D9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{034B1673-228B-4743-B98C-B7B0846F8B29}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{038A5C9E-BF70-4BBE-A147-9E4F05498D66}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{03D1927A-1354-4566-88F9-9E240EFAE36F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{03D2087C-A2C9-4EF5-9B0E-72B8FA62829A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{04011D84-ABD5-4FF4-834E-0DF49FF2A8E7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{040EFF47-E19B-4C17-B795-A5205D2B7539}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{04227968-6B0F-46D0-817C-DD95FF54A88D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{045D8EB5-1DB5-49A6-B2DE-BC5DD3912612}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{04795228-4DE2-44B3-A579-DCD4692CECAE}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{04AAF814-D0B2-426E-8F74-5B5811D0C41B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{04C98AB5-9F87-46EE-9FE4-A808B9D96D9B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{04DC8C53-4ADB-4121-8B59-65D9D25DA807}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{05260B08-29D1-4CA1-BBA4-BCF2D2F34568}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{053109F0-3ED1-4940-9D66-C3808F2FD564}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{054EA874-71B7-4F16-B834-0130B58CB0C4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0556ED01-EAD8-4F7D-8987-99B3120D3AF3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{056AE894-278E-4C5F-9CF6-AF949AFEE58E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{056F9565-42DD-4A88-A075-993F42312D16}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{05BE99B3-A422-4546-96CD-7A3C7D0633AD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{05CC85A4-9A16-4D6C-A56A-861A774FA38C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{06139BDB-9FA0-4453-A3FE-2A5620EB8445}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{06272BBA-2324-405B-A15A-12D3A4ADA0BB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{06A0EFA0-0561-4663-905D-AFE6CDCF04B0}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{06B8AA41-6063-4DFD-B350-3E4D7610FFE3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{06BA5275-F8F2-41A3-988F-F55156FB8997}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{06CD5C25-1A4A-4455-968F-934D9BB9725D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{06E5E69F-33D3-4015-86F9-0EA857631E00}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{06EF7354-E08D-4E15-92A0-A4F23458809E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{071921E3-B7B2-4D9B-95B4-C1E6DC219C99}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{071FE06E-D162-4876-8521-DDDDE80833FD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0728F8B3-7640-4DA2-8936-9D13B312A557}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{076EF28B-235A-4E54-AA48-3541D6A068BD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{07828743-F7BF-44EC-B561-590BAD6521CF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0797C5EB-987A-4E52-B299-421CBD2BD859}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{07A5188F-1928-4D85-B23C-10485AC97946}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{07A85F93-219E-443E-B340-2B0E1FE39ABC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{07CBD821-3B92-4A64-B408-67E6BFEE32B9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{07FF6787-C25E-44E6-A301-1E481ACB80A0}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{08280450-7B5E-49F9-A62A-7819C75DFBB5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{083604D4-3295-47EC-86B4-28D94C361075}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0873B6EE-C5D0-4D12-AFAF-4EF3AAD3EC97}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{089DC126-5876-4B19-90C6-ADA2383FDA3F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{08B8E41B-D4BA-41CB-BE3F-0B083D528255}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{08BB4EAF-50DE-4887-83AA-C5DF90B39C3B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{08BF369F-D5F6-4EEB-A004-DE145895D225}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{08ED1B8A-982A-4259-8842-3F50D05A5648}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{08FCE1BC-CB7C-4541-9C5E-63AF5B30C969}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{091707A3-42D6-4BCF-A9B6-A68308F35991}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{09569382-E3E4-4996-9656-912BEDD57A92}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{09625F15-A693-4987-84B9-54FC5C0B0033}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{096A6FF2-5875-4B48-BDB3-F07571A4214A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{09B8E3D9-840D-4D1A-A712-518C52844FF2}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{09DDD1D7-B124-4411-9686-8D83DB14FB0D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0A0C777C-5982-46A7-ADB4-3F09070D020E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0A280958-457C-4B55-ADF7-AAFDA159DDD3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0A570D27-92DC-47E8-82BD-0E606EBDC83C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0A6116C8-A69E-453D-A007-B88AC0D0A67B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0A6C05FC-53DD-4D39-A3B7-4082A717B86B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0A8BF13A-ACCD-4F40-A921-F6D7F2CB797D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0AFFEC50-89DF-4EB8-A270-C315ABB79FD8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0B0AD008-1BF2-4E73-990F-B4A9ACDA95DB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0B1DFD6B-917C-4AB6-A115-C3C7FF3AACEB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0B23EF61-5488-4286-9ACE-5E870768270A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0B35383C-B596-458E-8927-C1408C3D3E3D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0B36900F-BEC6-4A90-BC1C-D47E168BB7BB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0B3CA00C-DCC1-442D-8AC7-55B52307FA8F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0B3E1B93-8422-46B0-9530-5D8158AA8DDC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0B3F74A2-F456-4F23-9C0F-27E32465735E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0B45E66E-FE82-40B0-BA40-500578D0D060}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0BC159FB-7122-4B25-8CE2-BE772A38F21E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0BF496B7-DA05-47D2-AC10-9BE837427564}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0C3F8821-B87A-4566-81EB-CC8E10652827}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0C60EB50-C9F8-4E70-968D-F32EA7D08CD8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0C649A23-CAB4-4D59-8FBA-CC90F6ED9557}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0C9F15C8-B2B4-44A2-ABD8-73D7C1382D3E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0CACDB31-FCF7-4999-AF9F-5BFA67849FA5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0CB35D00-5C4E-4A69-83DF-8D93208347DC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0CC3F2B4-918F-4FC3-A76F-BFF8A2B6DADD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0CD641B0-99B7-4707-B91F-257280A72F1B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0CD88BAD-1F7E-4F67-962D-12D5A4CD6139}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0CE3BF1F-5655-47E2-8BD9-67C553B1FA7F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0CE518B1-9F7A-4200-930B-D7ADEB168A6F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0CE68CE4-7741-484C-A085-5E44DD8AB5C1}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0D3C2E9E-CE81-421C-88CC-12D17323986D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0D421388-7299-48BE-B935-AA0920D38CC6}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0D989F0A-0D6F-462A-963F-CF346A34890F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0DACF086-038F-4B86-BD6F-9661E270AF70}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0DC5A51E-3A59-4AA4-98FF-6C6AC3CD5BB4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0DE96377-9BCE-4A23-96A7-B76C4EB1A908}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0E0C6F7E-C8CC-41EF-BAB8-1CCAB886742F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0E0DEB8B-BB3F-491A-B0E3-BA487E88BB84}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0E226BDA-6692-4178-853C-4539EF91D513}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0E23F3B6-0F24-4B92-90F7-09D88AB7BE9C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0E3EC03B-D607-4636-B909-7F5AF687BB95}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0E645063-ABA6-478A-AB39-8069B8701A19}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0E696F2B-0934-4625-A2C9-84074EFCCCBD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0EBEE9E6-6F67-4034-8387-279F6D6238A2}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0ED67020-8586-4C16-950D-C506DA5EC68A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0EDC0A8D-6F95-4382-893F-82F61C2CE74C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0EDD3ED0-B4B8-4749-8DE0-EA96565136CE}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0EFE1179-5BFB-4AA4-82DB-060BF94840BF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0F1DBB13-8CD4-4289-80BF-E650FD64CA5E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0F46CEFC-CA0D-4186-83B8-0E46EBC96694}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0F78CED6-6BE1-4C15-8C55-75E6E0F42BA3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0F9754B6-19A5-4E07-BF09-743562A9AEB5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0FA814B5-E35C-469D-A6B2-BBD05CBC907C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0FCC1F95-AD13-42D5-90CE-02817255F404}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{0FFF6427-8B90-4BBC-BE5F-CC1784D10CE5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{109C5C16-B203-4246-BC56-52499E6E3203}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{10BD5712-CEAD-404E-8C01-B9B4F0FC0BBB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{10D1C47B-0E77-46FA-A589-74836BE7B698}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{10DE97A7-71D0-4CE7-9C86-BD4CAA1BDA55}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{10E6A547-27AD-431E-AFED-B5E0E9DF993A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{10FDB7F2-F7E4-40CD-9000-BE899BDB80D6}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{11B4BDDF-E6A4-42C1-AD55-BF570A150AEB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{11DFA8B8-BF9D-44A5-A224-F9F21B195C0B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{12095486-E1D1-42C9-8445-8C9340582BB9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{12135930-5620-4A08-9E87-595C04A79BD1}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{124A4CC4-59C5-4AC9-BE0E-D1021881D19B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1268EB70-C93A-4348-B34D-515760FF1921}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1299CCB6-76B3-44A2-9390-A6E00A14272C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{12D07A0F-62A6-453E-A96D-9FC3A6B9FC7E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{12DACE56-C7BC-40B9-9824-A5420F2231B6}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{12E43C7E-7521-4C23-B90A-B5435741FF28}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{12F7222A-0C67-4EAA-99DB-C1918A3C58C2}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{13314857-7223-45BD-ACF9-FE83BD2E5A98}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{13542DC6-5E02-4B46-A9A6-5FDE57E68498}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{135B56B1-2152-420D-95C2-4985695CFFF0}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{135D2453-24FD-47AC-9A57-73A247DD69B2}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1366B15E-9CA5-45A5-A76F-90AB3F6B4A17}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1372C5A0-E773-4764-B63C-A6F07910BB2F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{138E1DE1-6A3A-41AA-9E5D-FD0E79972E15}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{139A09B7-B973-4BA9-A8DF-12A3320DC60B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{13B7D7AD-C063-45EB-9E2F-E5585D8EF72B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{13C972AC-690E-4DEA-ABB8-C0B4F810FC50}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{13E55620-00DC-41B7-BC20-AA8EB7BD3FE3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{142A8CF2-B903-4096-8F64-A67468989F9B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{142DE690-C46C-42BD-998D-9D1ACCE20914}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{14434AA2-FB9E-454A-BDBF-D8F973FCACA7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{147BBD88-7554-4E6F-9E48-5F2DDF9CB4E0}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1490552D-E91A-4098-B2CE-7CF457C83005}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{14986B35-17FD-4F9D-B9AB-B71699C615FD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{14AE3110-DF5D-4E15-8F7C-364E809769A8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{14B6A3CB-7956-4D49-A4D0-CC364B446F77}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{14CA523E-A7FA-46D0-B5AF-CA5A7F973082}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{152AADF8-9137-41FD-A393-AB988B878306}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{155FAF8E-02CA-4A1B-A427-EF8F5D1E8C88}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{156D5CA9-EA86-461E-9851-7980E1267242}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{15D33B49-A4BB-4276-A20E-68C693D8071D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{15ECFAE4-D6D8-483C-96EF-406D013E7F13}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1609ABAE-897C-428F-9D3F-7B7AE3D1A163}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1617B89D-5F16-4C4B-B744-E13AA7811815}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{167B6709-74DC-4C27-AA5D-78A3AA4909E4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{168DF6FA-FF7C-4501-9DC2-494C035C4E8D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{16D21CE1-E72E-4C91-ACBF-2255820614B6}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{16F03A6E-87FF-44F7-B15B-535F99911A44}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{17164EB6-97B4-42B3-A080-8C7DFBAB7ECE}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{171FF5E6-E82A-4E13-889B-ECF49D26AD92}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{17800FBD-C921-49FD-9532-5ABCEB0BB74B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1786F644-4248-4402-B07C-48564B6B123F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1805BB68-E6AE-450C-B148-FDC5D2267ABD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{183EB406-F1A1-4051-B475-00F610A6E5BB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{184869F7-AE10-4356-BF28-43891356D0EB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{18609B90-61D0-448A-B55A-F5DFB11B0244}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1865D891-5496-4317-BA0A-5F0F827AD8D0}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{187C3EA2-3FCA-455B-845E-824DE390C639}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{18F4157C-01A7-4762-B446-FCF917A96E58}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{19071472-C2C3-4408-9BCC-598158AFC764}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{19143486-830D-45F2-9F8C-F07938BEB607}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1924DB5F-5AB2-40C6-8FB0-D2278E111671}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{192ACAA4-0AD1-4783-B442-42C5CC9F7638}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{194F13FD-8B64-4066-8DC7-3F602F72329F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{196D9F3C-CBDD-4AA9-AED1-4697F7BDB605}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{197DB010-036F-4A2D-8BB7-0D38B098D7C6}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{19889A07-C9F2-413A-88EB-664DA583F69A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{19ABDF9E-5FBF-4E0C-8878-CC87F9950DE8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{19B4E4EB-789D-48FD-B703-CA0DEC26918A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{19EB5C05-0ECF-40C5-9053-49CBA184A8DA}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1A0CE59D-691B-49FC-83F8-9623EF9FBD11}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1A2BC02B-2C2D-432F-B3C9-CE2AC384D8FD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1A46E9F2-947F-4975-AC78-0C490FB14C2E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1A51C01D-D22F-495C-9A25-6255D3CF2EDE}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1A6968C5-7167-4510-BE97-6AB5BE814727}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1A82333A-E723-47A4-BC0F-3D851823608F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1A82901A-A915-46E9-BE9A-F83C6216A6B5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1A8613C8-4FEA-48EB-BB62-F50D879E2FA9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1A885E43-596E-4BDB-928B-52C9C3A6F508}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1A9390CB-2209-43EB-8464-8C678476E433}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1AA173D1-70D9-4E07-8142-C198434F8BC4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1AEB256A-AC70-4CB3-AEA6-24E92FF24485}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1AEEB93A-5379-4E19-98AC-38AC37C636D8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1B093828-B1CB-417D-A0D0-202BBA99A7D3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1B197D76-0D07-4E37-A220-DF8EB3ED9D91}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1B55D253-167C-42F9-8248-322200DF11EB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1B63E6FE-360A-4878-B5CA-664F8CCB01BC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1B8E5F3D-E61F-4D24-A6E6-3C86C9EA037A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1B9357E5-E024-449F-8583-5CABC7163826}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1BA10726-9B32-4B2E-8381-268290608658}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1BC43A40-52EB-43F0-AA44-9BE7AA19EFB4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1BC488DD-3BB5-4DB9-B288-B99D0CF2B591}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1BD4F183-326C-470F-8134-9A89CA4876AA}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1BDD4680-1146-47F0-A703-0A5EFB260292}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1BECB2A3-B70C-4BAA-A6BC-4E1EC7518861}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1BFFD611-769F-412E-B69C-DECD7BAA6AC5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1C040B10-F1FD-457E-B877-31D852CABD21}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1C6A02DE-81A5-4CEC-A465-F9F1622F960E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1CBE29D9-5313-425C-B4A3-958BD96E24AE}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1CE3BF4D-480F-4FD7-9AF5-46F65C58D61C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1D02A29D-1394-439F-AC86-D8AE4C2D14EF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1D2EB858-4F7B-4FB3-BF9A-B48F9B8AEA1B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1D809C0A-AEE5-4842-9558-EDADB4FF9526}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1E2AD14A-F9CF-46DF-A593-E57976316EA7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1E2FE144-4C9C-46E3-8ED4-80F91009D2FB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1E4D554D-8386-4B5C-AF81-C963B86E5C32}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1E78FF11-81C2-417B-84AB-94D6A2C5950D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1EB2EEFD-ED00-4FC9-B3FF-3C2982693EBF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1EC28A5D-C16B-49EA-A0D5-2528DA7721D5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1EDBDAD5-5DAA-42D6-A6F5-6DC170EE0EC3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1EDE3181-5868-46A5-B0FA-C4929966B1B6}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1EE494A1-8F95-4549-B739-AEA032D99CA2}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1EF5894F-7E5A-45B5-8543-CDAD886C2BEE}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1F320F66-1502-41CF-A296-7439E7941677}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1F321520-E196-4992-A083-DF564F17F40D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1F662AAD-9C08-4F1E-9D28-2B96FA2C592F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1F88941F-091F-4DB2-B80A-D1C59E0FE131}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1FA0B149-F870-4E2D-B0D7-06B37A509D02}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1FBC15FD-F6BE-4422-87F9-BA84044E888F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1FE6D7B0-9D52-4A72-BA4C-44881D4185FA}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1FF03C39-BAB3-4E5B-ABA2-FF4153D1D1DB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1FF34C57-6B9C-41D1-B60F-ECA91BD1AAC6}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1FF635E2-4C53-4906-AB72-F1A3850F335B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{1FFB03AC-18A3-4634-B749-38023F9C5C56}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2045B7F2-E32E-43DC-9F1D-4B3872EF0A5D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{207D1E11-DF6D-478F-A60B-5E23C4887D8F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{20AFB3FC-865E-4BCF-B5BD-CCFC60A0333B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{20B9B18E-72FA-4027-BE50-760C59B8BC45}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{20BE8589-5C22-4421-8D0F-8AFCE0026A8A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{20FECF02-C006-4C34-8D58-849D29ABA8AF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2111D7F6-047B-438C-BD0F-4EE663A88A28}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2114D8E6-B6B0-43AB-90B3-25956E8FBE8C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2134CDCB-D22E-44FA-9500-A287246A0A0D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{213E45AA-6915-46C0-8D2F-4579F144943B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{21410D3A-7716-4F1A-A415-00AE4A222B62}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2178F598-23A8-4D13-8209-F35A59E8EE82}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{21A57869-D0ED-457A-94C8-3BD85FA11228}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{21CF4C27-78CC-4728-9C6B-7773E53F9077}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{21F3696C-54BC-4ADE-8A37-8170ECA5329F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{225863B4-D7D7-4A4C-AE45-EB0B9CCE79F0}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{226609D4-5537-4BC1-9AB2-B4FF0E3A6D69}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{22B03A69-50A1-4839-AC68-70C074ED8CE8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2313C2D3-C9A3-4D05-8C4E-2B4D1B90AAE9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{231BA611-D38B-4EF8-8DF5-DF563455267E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{23630FB9-E886-45D3-803D-F1DC299E7CD3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2371E01B-8FE5-4C1E-87E9-6728CEA30047}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{23AF48EC-E90F-40DE-B497-03F4FF3E9E2B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{243F64F3-8453-4549-907B-CB574A6FF48E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{24749AC8-82EC-42A5-998D-70C769BA437D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2488D250-7802-4681-A97C-445D65ED81C5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{24BB58DC-9997-458E-ADFD-402AC9421FB6}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{24E6EA4C-7ADE-4C7F-824F-102F6E1928AF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2529904E-E48B-41F1-BD54-836328BF3062}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{25716371-C11F-4EC5-A63D-2CEA513600C0}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{257325E4-1068-4C19-9EA1-D4E3198E7741}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{25E5AE99-7F23-40BD-ADE5-9DA1FBE35D09}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{25FADC01-43AC-4BC9-A36B-DB06A4E67E80}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{262671D7-C5BE-4D91-ABFC-AFAC27BC602E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{26269F9F-B49E-425D-B00F-B01906DFD1BA}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{26379B61-97A1-4D5F-AC71-AD65BD3E4696}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{26629FBE-D5BF-4DF5-A2B1-89208B9A4B0A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{26DC0254-0F4E-4D39-B4CE-1FFF355DEC26}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{26E0053A-3255-4186-B11E-AF332F359814}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{27174CB7-C0AA-4006-93BF-C321C8CAFB34}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2734BC31-F183-4FBB-A62C-8DFD415534AC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2758093E-8023-4AF6-87BF-5B1E79115B09}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{27668292-16DA-4DF1-84BF-1629CECC64DD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{276BE138-0637-4F3C-8FDE-5B8114E2BE30}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{27762216-B8E5-47A6-96AF-D74A3A5C596A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{27C53FC9-2FE5-41DE-887F-9E21083F9867}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{27E8829E-0F9E-42FF-B3FC-5378AB23D804}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{27FAE621-6EA9-4F12-A6C3-A16E3B3C8609}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{280121B1-D618-4694-BF4C-742B8181B36F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{280FA37E-7501-432F-8EF9-117C96E5AC86}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2825DF06-2732-4297-B6B9-97B78B9C9959}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2828E1E3-4912-4313-BD45-E9FEE7CE1730}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{28C1981E-64B5-4DAF-B035-433F34117393}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{28E4E3C2-0D2D-4848-B565-963A4849EC69}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{28EE2268-8A32-4C66-9C74-D09AFCB0231E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{28FB98CC-F5AC-4FB7-AA05-2884EBFD4B30}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2908C9D2-36FB-410F-96F1-6CF90FD1CDC7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{296B4E84-8378-448A-994D-5A211B4375CE}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2970232E-B443-400F-BA7C-44CA772A993A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2983D5C4-AD63-402B-88E2-50D762A8D358}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{29BA1455-5E3F-4751-A005-C29B477E9438}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{29D2DF93-13BE-46BA-A267-9A222600E0A8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{29DBBEC1-1DE5-42E2-8DE0-7C67B4CC89FD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{29F96F24-7ACD-4268-84AA-F037B609B54E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{29FDA514-6501-4163-A4B3-C5A77A3A2B4D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2A22EAB4-5BA8-4F0A-AAA9-40C9EC99BB57}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2A36B7A6-D993-4E5A-B2EC-8ECFC97E27BD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2A60A8BB-C12C-4DFF-A535-BC6D0D504393}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2A668558-4EBF-4D92-94CC-40DBB0F0D11E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2A8E4AFF-EC96-4F12-9704-642ED66F6607}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2A98DA84-9001-4B6A-8611-82A51D4507FC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2AAB37E0-1581-45A0-9672-A8C981B039BB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2AB008D9-D7EB-4FF1-82D2-D58A28622945}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2ACB0604-F0B8-429A-BA1E-4C3118A2E0D9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2B69D9F1-8F22-473D-8CDF-8DDCDA4672C4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2BFD1B9A-7E3F-4F87-9613-2C864E689E65}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2C04F314-D0D7-48AF-9423-4613CE2B27CD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2C2BC9AA-C01C-46AC-A4A3-8733907E7654}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2C7AFEF7-96D5-4334-A16B-78C277298771}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2C833DDB-4ED6-4787-9E3B-A0CD4113629C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2C98E1E7-0D0E-4128-BBA8-F15179C056A4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2CB1984B-7603-4CF0-BF66-5458BABC8D71}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2CBF4CFC-C0D4-42EE-ACDF-D3EE766C9E3C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2CC5228C-FBBD-4C40-9AD3-88D3E627DF1A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2CD48385-F677-432A-9C0C-3903CE91B1D4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2D2FE800-7C20-47C1-AD36-753E806BD330}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2D38ADA5-6635-4750-B969-8C7FDE0F0F5D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2D50C0F9-1D4F-4E34-86D3-F6DDF5D9D141}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2D6FE8BB-4858-4104-AE5C-C4443268C7D9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2DD5939B-421D-4877-BC59-0CFCA23CA8C7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2DDF0198-C1AE-4282-B6D7-A3D90775DC5A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2DF9786A-F844-46C4-BC39-951AB092BEA9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2EB6707E-E986-4DD4-8457-3C84C719FDAE}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2ED46B59-02F3-4380-BD6A-4FBFA993E3F5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2F575C07-39A5-42C8-8666-1CD5079AE678}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2FC73D67-7C39-4929-B96E-E24E896C401D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2FC8FD00-0D77-462A-8D90-1EAE3CF772E3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2FD39A78-D705-43CA-B357-77308C55EEC5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2FD7FA11-993B-44AB-8DB1-7250DFD9FEB0}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{2FE3DAFE-0480-4C1A-A309-F798F80ECD21}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3031075A-D744-4ED1-BF7E-E36EE6763F4A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3033C992-2A40-4E23-95D2-74379637420E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{30354F25-E18E-496B-8FF3-5AE84C7BE71A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{305C0447-C3BE-4B05-A5CD-B89C19B3E8B9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3063A2D6-D68B-4B25-8D28-53CF5840B38D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{309602F5-F99B-4901-BF2A-18AADE1BE36D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{30C57CAC-04B5-4C6B-BD23-C2B6F5EA46DB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{30D9A350-9D2B-4F69-A1F1-DB11DC569656}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{310303BA-57A8-46EC-90DB-FD8D71A34BB0}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3137915B-6FCF-438E-AF69-EE2485A9C10E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3144073F-F07E-4242-BA96-1FC26F846815}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{316909FF-E71A-4092-A716-657C62054F1A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3178B9BE-A0AB-40B4-B44A-6B23F968AA79}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3181BA33-60AD-468F-8795-8405AC30168D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{31C9F00A-974B-43A4-9851-688C5334A8B8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{31FBF3DB-D4E7-44D5-AD94-ADD470F10A94}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{31FD2D04-4F71-4751-945D-2BEA34CEA05F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{323AA455-DC14-46A3-86A0-B81D4034C124}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{32567948-4A2E-4735-97AC-9AE3614685A9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{328C14C7-47A9-438F-8810-4947C4E81E8E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{32ABD846-AEF0-4A35-9F3D-5E3F3E94B718}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{32C7AA54-1498-4B90-AAED-110DD2636AFF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{32CFDCDE-E034-41C1-8BF2-31A3445EFFE5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{32D17F11-CA9C-471B-B5EA-1CF1C704E600}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{33429456-92F1-4CB1-B305-6AC276D7D1C9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3394410D-B766-4815-A5D4-1189D4FD94FC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{33B66977-B652-469D-8CBA-6F3E646F6013}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{33B981DC-4FC2-4489-A16D-E4A5B4879F13}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{33FE298B-4963-44C2-83E3-9197CA2470E9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3401C832-5D28-4A18-8364-9433A79C4D98}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{34477AE4-6473-4AA8-A3D3-870BC7FF00CC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{348A3365-128A-4065-9038-53DC2225CB6B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{34A26573-D1CF-4EE3-B89D-21084BE6009C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{34A3F92E-B8F9-403C-8111-7C06456CBACA}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{34C1553F-CD8A-4C1F-8E54-82439A7F072D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{34DA5C0E-79C7-464B-A75A-860291327799}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{34F24E9D-0ECB-400D-BCA4-526844D67C34}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{34F4B943-4CA5-4BCA-85FC-9BDED0D94175}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{34FB05EE-138B-4C53-974C-B07C432D183F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{350F5742-1241-4D82-A2B5-CD699BD1B85C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{35237317-69FE-40E0-882A-C4E9EB18D05F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3523E6CC-BAA0-49DD-A85F-E8816C5735EF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3541CCA8-F930-4411-BE4B-E8B5CDC55A7F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{354A7199-6CDA-4DD4-ACE6-824FAC96BC7A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{35AEDF39-0DE6-478E-A004-D7CE26E16914}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{35D26255-112B-4EEE-A1C1-3A616827D91F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{35D7106F-0CFD-4ABD-8140-4AC747442CCE}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{35E791E4-9C90-48AB-AD1A-FA3621EBDFBF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{35FBE5AB-4038-45BA-AC4B-E737894E1291}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{35FCC2E1-5748-47B9-B4D3-61448BB91B10}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3618ABAE-59BA-463A-BAAD-D5D82C59D5D4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{36ADC46E-3EB8-4C25-8BB3-0968819150CE}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{36BA9C0A-0A6B-45BC-9D01-9F56EC12B9FF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{36D11327-72BA-4F07-B879-D8094A9D827D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{36D6669D-D4E7-4C75-B13B-638F60AC7928}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{36D963CE-07D7-4BF5-AAD2-2EB93167B616}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{36D9D4D0-78CB-4480-B9BD-56B0CF5B01D9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{370148C0-AAFC-4055-8969-4F3408BFCCAB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{375341B4-F4AA-4FD0-B6AD-2B5D13FA947A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{375AD97C-FB11-4293-B5FD-D7EAB1A60F54}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3763D4CD-CA98-443C-A532-AC084828018F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{378077F4-49B6-4598-B1EB-62A526C289BD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{379E6E1E-DED4-4681-AE58-5DE958D0B83C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{37C35912-D2E4-43FE-BB84-A6DDEB75130F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{37D90E7D-769D-45C4-8062-7BC6856BE03D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{38148310-A3D0-40DC-886E-BE5B48D0737A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{38166EB8-92F5-4DCF-B5EA-F3CB9BAC0622}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{385BB3A4-6045-4457-8EFE-FD634996A889}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{38741964-1F34-405E-B5B8-030FAE67E8B9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{388ECC0F-E1B8-4B50-9774-65BA217BF042}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{38912AC4-F0C3-43D8-BE6A-4DF3301BB073}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{38C358FD-9A5B-417E-86CB-300568A1FF71}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{38C6DD7A-EEDC-4B81-86E6-16C8D4D8E596}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{38D57AAD-3A4A-4AFC-8994-AED33A69179D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3906AA8F-C63F-45EF-9BE7-98962959B0F2}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{39117D06-62E6-4418-9DC2-D5A9B90C3438}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3977AC60-7AC5-4A7A-8F55-5ABBCCCF9283}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{39937A82-8B04-435A-9772-8FF084ACE449}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{39D1677C-6A50-4CAC-BADD-3C2628C0EDCD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{39E9A099-8499-4B5D-A724-22BE54239EC5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3A0376ED-FF3B-4524-ADF3-A813B547DA4C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3A331C7C-5B3F-4AE1-BDE2-7C9F7812A527}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3A39F112-8716-4AD9-A4F3-975B6E376DA5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3A46182D-B2E7-44A3-B312-3F6672362575}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3A490B3F-8104-45B7-AEBC-D11E722136DF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3A83785B-0432-4F3A-A791-3BA8690BA1DF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3A9FA937-441B-4CA1-808A-79F2C5246D8D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3AD1E70D-989C-49C6-9E53-BB72C275E218}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3AE0A07F-F335-4CB7-919B-F8174D88E3A2}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3AEF0877-8854-47BA-925A-0EDF6E0A6A44}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3B01E634-9F6C-4E7E-981E-0EC1FAE98944}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3B11DD22-9F7E-4F23-8E1B-963CA57E927A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3B2ACDBB-529C-4344-98AF-91B2D6DC31AF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3B32E886-5F62-4D6B-A371-BAD053213E63}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3B3F820B-A492-47DA-8055-1A250FCFD905}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3B41062D-6179-4337-8468-5A494EED401A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3B41ECEF-EBEC-49F5-9DA3-8F4285714231}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3B6BDB20-6A4B-4076-B904-732570F4DA8E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3BC325A6-6B84-45DD-9076-4B85658F1C0F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3C429118-AD9F-483A-BFBE-6B37DC5F54E8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3C4ED07D-FEA6-485B-B0F8-4F143513237E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3C883C36-0B5A-456E-B731-B980A8E77B34}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3CA0B08E-F545-48F6-96AE-C8DFAA348A55}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3CAACF9B-0C7E-49AB-A233-73DAB331745D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3CBA78C9-9923-456A-A27D-AF3362FB223F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3CEBA959-12CE-4D6B-A56B-88A79CAD4FC7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3D156339-64C4-4A18-A918-B44C81416770}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3D3BA083-BBF7-40BF-9A02-C8C02B72FBFF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3D45A544-74CC-4471-94F4-B508E0754ED3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3D78564C-5DAF-4AF5-B854-A0FD0D55EE76}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3D9E7EE6-C42F-4C8E-87E3-35AB6BF11CBF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3DA5A9F6-D0BE-48C0-A8A0-E1B16F63FA41}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3DCA0EB8-2D29-4933-A2CE-892E848B2911}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3DCB5914-E29D-49BF-BBD3-63748EEE2F2C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3DF42941-F163-4B71-A8A0-E030A888DCFC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3E1BDA47-3FC4-41F6-BE27-84367760E718}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3E26FBF4-F746-4C86-A99B-7F61242BBDA5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3E41189C-1A41-45EE-AE56-37CA92FDF059}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3E413D7A-545E-4F95-9444-3B266BD992BB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3E4B4308-C6BC-46D4-A585-1BC4D897E89C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3E6A24A6-21B9-459A-B2A2-6FC43520CD8D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3E6C17E3-ED81-4CB0-8FFC-AD31864FF181}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3E715F6A-C127-404E-B957-F5E441F86C77}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3E77F323-1603-45D3-9023-545878904821}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3E8AF0D2-D644-43AA-BE48-E6DC0CE69760}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3E95FE0E-1661-4895-BCAE-7D3FBFD0CA3A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3EDC12A5-939C-4066-92C8-7D605C297F60}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3EEA0163-63F4-41FA-92F1-FCAF78AB0448}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3EFBDA82-86E0-451C-BD9E-1F0F9C1A3576}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3F0C85FB-B217-46B9-85A1-0176780EB4F8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3F102CE0-7FC1-4E65-B831-E72EF332BDF7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3F46ABB4-3E08-4E4C-89C3-27FB2EC49FDF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3F65196E-B41F-4A3A-A820-4335E678491E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3F6BE117-B982-4023-8F9E-53A37A2DD74A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3F6D7339-DE52-4AF7-A184-8006A79640B9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3FC622B2-703A-4D3F-86CF-48D924CA08C3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3FCEF69B-E25B-42BE-9B33-27D0A1BBD928}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3FD859C5-D6A9-47E5-8ACF-19BEE11D6ED7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3FE1CF72-739D-4AF6-8102-9B5BF7844135}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{3FE34226-4BA1-4CAC-8912-550CF4CD9657}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{400DAAF6-2D1A-4FCA-8A7D-C835F47A87C8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{40332FD0-20C6-402C-93CA-63595590B109}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{4069C31B-95BA-46B8-92C1-801313609FF8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{4098E93A-8EEB-4C01-8849-F3761706AE70}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{40BCFA11-3F13-4238-B1B4-3FF35972A50D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{40DCE6A9-AC62-4D93-9D9E-C8BA0328F467}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{40F9F60D-96D4-4093-AA75-0C3BCF5D7543}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{4105CAD3-4DC5-4CCF-B7EE-106BF01354C7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{4107230F-1DB0-4A2B-B54B-970C403E91AB}
========================
 
Got a message when posting that JRT.txt was too long to post, so I cut out a bunch of
these empty folders that were removed.
 
============================
 
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E3B2C0AA-E6D3-4399-9731-7287D3E32F04}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E3B35287-E6F7-4480-B2F8-9E10EEC76268}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E3EDA558-3E1B-480F-91F1-42C054498ABB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E3F6EE22-A21A-4BC1-942C-933D7CDD9BDB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E3FCAC95-CF04-4C39-9906-1DDC6163D840}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E46D73B8-92F0-4A9A-9D68-0ACCD139847E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E491A665-5CFB-4FBD-8FC1-1B903E04189F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E49FB7DE-4130-4880-BCF0-AA24C7544330}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E4F04A2C-9688-4028-9768-7BF2568F5C9C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E5167E89-4D06-4A40-BB33-45F153776C4E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E52C8404-9195-42F7-B314-79805E64B9BD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E53AF56A-8E59-4CA1-8FE8-821E9AE66F77}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E57660AF-CFCA-4753-9C9D-D2F1DE7F395B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E57CEF12-8560-4D14-BF78-D2DF41A024D4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E5ABCF0D-3DC6-4111-A90A-DC2369663D9F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E5C9B687-7289-4564-BFD0-01DB8C42824E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E5CF94CA-8897-4EE2-875C-9C16B3FC3E2A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E609721F-2CF5-46C7-AB54-D91B1C19FFF2}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E61BF64A-29E5-4E12-869D-7593E6A56365}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E6244ADF-A1A1-483E-B4B5-7CF710CED651}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E6306CEE-5D81-4062-A259-E4C2C0F6970F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E635AF21-B20B-4103-82A4-DAA8ADD80FC5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E677D083-F060-4E21-9EDE-2AE41076C399}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E6800B62-54D1-454F-B0FD-AB0F776A3DD1}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E680A4C2-D836-4DB6-874A-4E8431184D0C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E6AD611B-9EFD-4630-8E8E-A6CFDF1DD4AF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E6D1DC9A-2F8F-47D4-93E2-78C24F0FEC4F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E6EA1AC9-8E1A-4DBC-86D3-4511C2CF036F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E7087CB2-B3F5-4825-A5F7-89FE6097A9C5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E77B9BC6-5011-44A4-9A02-BBFD9DD94926}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E786E97C-4DAE-4B80-9F0B-D6471B1519EA}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E7CD77CB-3B9C-4804-8875-1EBC5BC01526}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E7CECF88-381C-4783-B883-2312B87A1850}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E7ECA1D6-B53D-46AE-98D6-16C4FCEE43AB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E7FFFD2C-78F4-452C-A528-31389B4ECFEA}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E81CCDF5-2A99-4E85-BC14-422BEA41C847}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E8633DBE-C9DF-47F0-9E37-E23C07C63C7D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E8B070C7-BEE3-4D67-BE0C-016152152015}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E9286822-B8A6-4CF4-95F3-B824C6F759D1}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E9667950-B472-46C7-8BDA-7FC619B83212}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E96D77D4-0FD9-45FB-952C-75B754D1B296}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E98CFBC0-D6A0-4BD5-A06D-74B7D5E3220E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E99D45FB-F3DB-4EA6-AC31-5E6EB9B90676}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{E9BA98DA-EFAA-4421-A240-B756DCA27280}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EA07E9EB-967F-458D-BC1E-DF5F9C7FC2C7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EA08647B-E488-488A-AE8E-42B043F96C38}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EA6E2A8A-3987-4FDA-8CD3-BEE9ED7276C3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EA965DD6-EBF2-4E34-9D3B-28A94D1D7295}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EB019CCC-454A-4E8D-A318-C4B9D9B0AF15}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EB1181EF-BE2D-4FF7-80AF-4E7E5CA70E05}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EB3F1F4A-7E0E-451D-B0C0-5C68592AC393}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EB4D64DE-839A-490C-B1FE-472AA754453E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EB57C2E5-F975-4FF6-AD41-D8CA9608EAC3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EB6751A6-4D51-4B6F-BD1B-BE129E91429F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EB825FA5-2B60-4DC6-810A-C20BBFF85367}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EB9AA31F-701F-48AA-988F-2245000E82CF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EBB03111-A381-4605-B1AF-1E6CEE419613}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EBB143B7-9761-4DBC-B713-457393C5F833}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EBC247D9-9ABB-4CB0-90B1-D9726A407D9E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EBC3A22C-87A0-48C0-8D8F-2CBFF53FD108}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EC2E7F0F-B29E-4D93-AD13-8846EBF97CC2}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EC4C8C3C-17E5-408C-8F98-DFC16DE902FF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EC7DAE42-2672-4143-94E0-C7CBE99F7AF7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{ECBE873C-4706-4221-AD30-38D911518AAC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{ECEC1205-17D5-432C-BA5D-713CA934C989}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{ECF35C2A-E16E-4EE2-9EA6-F7679B35D2E9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{ECF97FE3-0D09-4505-AB5A-D87949DA8C10}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{ED06C2DA-9899-4EF5-A7D6-6F67383CD2FF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{ED2D48C2-F5A1-4B38-99C2-19CE2D02C49B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{ED492913-4882-4231-89B7-B909AC14CB13}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{ED6CE4DE-33ED-419F-A2E5-C9A00AB285C0}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{ED71BFE1-AF59-420E-820A-08E17B776D14}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EDB9C6A8-F9C3-4F80-AE35-515D61AD4093}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EDE30927-A8F2-4E67-91DC-C7D990CA3260}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EE1CDBE5-8F4D-4117-8612-E4ACEF1C3888}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EE2A58F7-8FB3-4E48-A21F-2277DA0214C2}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EE535ACE-E4B3-4AC5-83AC-430896316046}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EE5FC916-F0DD-4A11-BD71-068A463D8587}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EE6AE5D8-1EE2-4BDA-8BAB-F7339C40D35B}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EE6B192A-56C2-4C98-9DEE-24BA0F79DB36}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EE6C48EB-95BF-4B4C-AC4E-2EC832C1DD17}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EE6EDB2E-36AF-4F40-BDF2-ABD3E0AE0716}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EEB07ACD-D789-4CD2-96CD-9F661870AD4D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EEC1DFA5-73B4-4B8C-A9C0-87DB9A4BBBE2}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EEE3C70B-7D98-4F3F-8FA8-DFD7C8B76EAB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EF155FF6-2E80-452C-A64C-A4D73971B321}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EF2133F1-B9F0-4CA3-A1F6-6A06BA2EE7BC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EFB7436D-8C85-4DE9-B60E-D19D3D4C7C2C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EFBAE74B-BE90-4B0B-8E13-64949444A7AC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EFD60696-5740-437E-B7BB-EC936A1AE125}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{EFD7309A-8A62-4B5D-82C3-5A1C28DF9EFC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F03E201B-6001-443E-AC54-00443B7BB1CF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F08AE743-6F01-4B08-9C1D-C421570FA79F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F0A43646-27B5-4152-B53C-185C7DE6BC01}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F0B9E3FD-FDEE-4E94-BA81-AFF4963D5E4C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F0ECCECB-07BE-4D69-B116-2BD6283F38B8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F10A2DC1-130C-4E41-88A6-A02FD0351FDB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F1359E76-00D6-4172-8DB9-DF040B290261}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F1A3E850-9FB7-434E-BC37-195DB3A79C05}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F1C81F0B-30BA-4A1A-8F0A-8931381E5FF5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F1E5D7C9-4290-4320-AA6A-E93343AEB801}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F2377504-1F7B-4D3C-A535-F2BDC525A0EF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F242A784-D681-4DD8-93E8-B2DAFF7CD60C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F25E5BE5-E5EE-4BA9-8C3E-1365C61ADBD0}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F27B2439-37DB-457E-9161-7158DDBF17B6}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F2982402-EDA7-420A-BBC4-9B0C5E591E6C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F29D5B99-3DCA-4BB7-BFE5-E9EB403BCC15}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F2A13B29-0E24-4F44-9135-CD9395D39670}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F2F1B5DE-F997-40E3-9DB5-E38E0EF8D344}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F304C073-E792-41CF-8F35-B170FE81B134}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F31466BC-74A6-49C8-830A-3A740758F457}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F325B552-2645-4644-BCE4-60DCD8552A13}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F34D7C06-1811-49F5-8387-545946305A66}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F36986BC-DC0B-4606-BB24-A84C8B84955D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F3B95495-4CB6-4918-8E59-D72A2E7A56A7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F3E709A2-19CB-4725-8371-5030AD382B41}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F3EA13B9-AE3D-4AF3-A3F4-A5F1D853E687}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F3EF1E72-ABAE-4AE2-B02C-AF85C91D07C5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F408D640-15CB-446C-9B40-BC34FF3E0706}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F4402119-A15A-4256-B728-571FF69A4486}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F454655E-36E6-4B65-95F7-0F56EA192819}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F4861AC1-0B0B-421D-BC75-1AEA3A9A2743}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F50DFC82-A562-457D-958A-C88458C559B2}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F51C59E9-C10B-4668-BA79-753D5BB8AE89}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F52035BA-E5DF-4334-9023-ED08D66CBD8C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F525B3A9-A1A7-4848-A3E7-1D603C4629BD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F53F9242-CD94-4E79-950D-435854E6DE66}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F543A2BB-0349-4DFE-9345-8BC9B34384AB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F5544486-CAAF-4173-85BF-664339112C2F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F55DC4A1-064B-409C-9BF8-88BAC7C1F389}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F5752FC5-502B-48B5-A517-E9661D5853ED}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F596AD45-16EE-4D62-8E15-9B50FD7A1A49}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F5C87DDD-6418-4B62-A95F-1D361E627F21}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F5F543BC-DEB0-4F3A-ACA1-777A3A93B4DD}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F5F78231-52BB-4D58-9054-0487E1C94BC3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F61C089F-494F-4F86-8B38-355B580CD096}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F67A18CC-80CB-4369-9712-6961D42FC62D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F6C4ADDD-CBA0-45F7-8380-E5C78BB623BB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F6D25A8E-5773-45A9-90A0-3C480C581FD3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F6E42F0F-BC46-4FD3-839A-808BD6353BA9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F7031388-9A98-4BAE-BC1E-E83D648C45CF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F71ACFDB-A24A-4324-AEDA-25554C3B65A8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F71DDDE2-23E7-4D13-8D11-FFEE448B68E7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F734CBD1-93BE-41BE-8701-0D694F1DCFBF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F756A741-E67B-45A8-9F44-75B162B35380}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F76894D1-F811-4947-87F8-1FBA8DB6BABC}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F796175E-1D9E-4D40-B116-ACBDA088C745}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F7A2C9B6-1389-41CA-9E1D-BE2F85DFAC12}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F7CD3C66-47EA-4980-AAB0-0533488A2F80}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F7E013D1-6177-4A09-901A-F2580AA3662C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F8230A19-E1B1-439F-A8E2-7465F946D904}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F86704EB-BC18-490C-81FE-D3317588C5AF}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F872103C-B994-4C08-A33E-2337F7AE0341}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F8736609-0C2D-4896-87EC-1840F449BA56}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F8B5E0B5-6348-4888-8C25-BCB9F8DDEF62}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F8B70C7A-91FE-40F7-8AB4-ACEFAF23F75D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F8C79A13-09F1-450B-B30B-AB1A328D61E4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F8D90B50-A33D-492F-93C1-DF094FAB4B4F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F91849E1-2476-4752-AFD9-D4498727A67D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F94952EE-598F-48D6-A521-EE1BA1C3A213}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F98FDAED-043B-4300-8BC3-B71F5CCE9720}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F99C063F-85F3-4B3F-BCE5-0FA773751E72}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F9D6C6A4-F1A5-4B84-8E08-A23686E4BCE8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F9E110E7-AFAB-4736-A351-4D5EFA10103E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F9FDEA0C-A9A9-4FEB-B5C8-E6448D049BC4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{F9FEC437-EA99-4F67-B3D5-A49370BB6E86}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FA14324B-F390-428A-BBCF-82AEE0C27106}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FA89378D-2171-4F30-917D-ECB4EB1B0686}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FA976EF6-B3CA-4FAF-85BE-AEBB5E20D93E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FA97AA41-5F2A-4A62-85BE-CEB3B6887A87}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FAAB35CB-68CA-4FD0-9D2A-5187C0B3DED0}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FAE7995D-5CAC-496F-BE97-2111632ADD83}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FAFBABE3-7B6F-4177-928E-D7BB112EABA4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FB2E945C-D7CD-4CCD-988F-1D03EEFEC673}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FB550A0B-433C-4364-A656-A61FCAC39303}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FBACE47D-37F3-4AFB-946A-E0749B8A6227}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FBEB660A-A6B7-4541-B797-50553175EB83}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FC4B84CA-174A-4B62-9031-DF1A12A47034}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FC5FCBBF-BC52-4924-9C13-F6FB7078ED1F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FC605468-DC0B-4212-A8B0-4366634EDD93}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FC77E65A-C1DA-436A-8A51-7220512681A6}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FC8DD600-E399-4099-AE9A-613CF58427E4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FC8FBC5B-D411-493B-8B1C-7DCAAAA52FF4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FCE997AF-BF6A-4A2E-ACDA-D90E44D08FC9}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FCECB274-585C-42D6-903C-0943EB2A59A5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FD097EC0-D5C6-4626-B8C1-4AAE59814B19}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FD11324C-2463-4332-9F62-CF218A79BEA1}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FD128EB0-0986-4A3B-9456-10E7C93055C5}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FD2A58F2-166A-4222-89BF-DD208BB33363}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FD41A95F-F011-4C9B-9E4E-B7C3E59504B4}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FD86B3F6-5387-4ED1-92B7-6CA1038EEB72}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FDC9FDB0-4CEA-408B-8B18-6EC23D068C55}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FDCE719C-3123-4E2B-8E2B-5A3143345778}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FDD15F9E-F018-40DE-933D-394C75E58991}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FE25683B-69C8-4614-BB7B-523C3DAA5A4C}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FE26F9E4-BCAC-415E-9BA2-02A4FAFCA6EA}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FE4CDB70-4E4B-4686-9220-68C309DBE2BE}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FE765AF2-B1E4-4163-9100-93F9EE05FA6D}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FE836FF9-045D-408E-AF21-47F5A86A13BE}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FE9B0D29-412A-488E-BF4A-80DE13DAF5E7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FEA11C22-D836-4B8A-9E55-51FD6BEDECEE}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FEC09005-D57C-4BAF-BD2C-20A44E51DC97}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FEC34C14-150F-41D3-ACB4-424F013595CB}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FEEB63BF-C3AA-4447-A61D-C4910C6C3076}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FF2C8040-1986-4241-908B-28EF54EAAEA8}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FF440300-D2FF-4F18-B3B3-62B76DBCC88E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FF64B25A-113A-4A69-AB71-0632DAB660E2}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FF99B48C-98A9-4658-BC31-173BE19E28B0}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FFC38673-3A1D-42E0-82EB-C960048B23F3}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FFD70DC3-7EF9-4314-BCC6-2C53A4CC02E7}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FFD9F4BF-E3B3-4A07-886C-FB3C73A87D4F}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FFE513F3-73D2-4E83-A7A7-12D8EA5C186A}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FFE63140-4E11-4BB7-B5B4-7065F4E8429E}
Successfully deleted: [Empty Folder] C:\Users\Ralph\appdata\local\{FFEBFE23-FA12-400B-AD36-87B3925C8519}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/13/2013 at 22:04:34.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
=============================================================================================
 
When I tried to post JRT.txt, I got an error message that it was too long,
so I cut out a bunch of these empty folders.
 
Step 05 will be next.
Link to post
Share on other sites
ralphyde

ralphyde

Posted
  • Author
Posted

Step 05:  AdwCleaner.   Log to follow:

 

# AdwCleaner v3.007 - Report created 14/10/2013 at 11:05:14
# Updated 09/10/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Ralph - RALPH-PC
# Running from : C:\Users\Ralph\Desktop\Deskwork\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\ProgramData\AVG Security Toolbar
Folder Found C:\Users\Ralph\AppData\Local\PackageAware
Folder Found C:\Users\Ralph\AppData\LocalLow\AVG Security Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Uniblue\DriverScanner
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\Software\TENCENT
Key Found : HKLM\Software\Uniblue\DriverScanner
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16514
 
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [2986 octets] - [14/10/2013 11:05:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3046 octets] ##########
 
 
======================================================================================
 
 
I didn't see anything I wanted to keep.  So I will press Clean now, as directed.
Link to post
Share on other sites
ralphyde

ralphyde

Posted
  • Author
Posted

Task 05 - continued:

 

Here's the report from AdwCleaner:

 

# AdwCleaner v3.007 - Report created 14/10/2013 at 11:23:15
# Updated 09/10/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Ralph - RALPH-PC
# Running from : C:\Users\Ralph\Desktop\Deskwork\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Users\Ralph\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ralph\AppData\LocalLow\AVG Security Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Uniblue\DriverScanner
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16514
 
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [3126 octets] - [14/10/2013 11:05:14]
AdwCleaner[s0].txt - [3105 octets] - [14/10/2013 11:23:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3165 octets] ##########
 
==============================================================================
 
Moving on to Task 06.
 
But first:
 
I'm still not able to run with a normal startup.  The desktop comes up, looking okay.  But attempting
any job soon causes a freeze up of the desktop, and a continuous revolving circle.  Finally I have
to force a shutdown.  Letting it run for awhile last time finally came up with a message:
"wmpnscfg.exe has stopped working"
 
When I googled 'wmpnscfg.exe' in safe mode, I get referred to the "wmpnscfg.exe virus"
as described here:
 
 
This relates in my mind to the fact that every time recently where my system has done a CHKDSK run,
after a crash or attempted startup, the two files that are always screwed up, and the indexes that have
to be deleted then restored as orphans, are wmplayer.exe and taskmgr.exe (among occasional others).
 
Does this ring any bells with you?  And do you think I may have this virus?
 
Thanks,
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

That is probably related to the Windows Media Player configuration.  Microsoft seems to think like Google and Facebook that you want to share your media so it tries to run and setup sharing and other configuration options.

 

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

Link to post
Share on other sites
ralphyde

ralphyde

Posted
  • Author
Posted

Made some good progress yesterday, and today I seem to be able to run with normal startup, and without signs of freezing up so far (knock wood).  I can't recall much of the frustrating day, with several crashes.

 

But the breakthrough came when I got a message related to my HP printer.

"HP Update:  The application failed due to missing software library. You may need to reinstall the application again."

 

I spent hours looking for the CD for my HP Photosmart 6520 all-in-one printer, to make sure I could reinstall it once uninstalled, finally called HP Support, and talked to a very savvy tech (in the Philipines), who assisted me remotely, downloaded updated install software, but we couldn't uninstall in Safe Mode, but I was reassured that I'd be able to reinstall after uninstalling.

 

So, after that, I was able to come up in normal mode, and quickly (before freezing up) was able to uninstall the HP Printer and HP Update.  After another crash or two, and a startup repair (successful), I was able to come up in normal mode, and run for hours.  Shut down normally last night, and came up normally today (though with an abnormally long "welcome" phase).  But I am up clean, and running normally so far.

 

So I will proceed with Step 06 and Step 07, and then create the Autoruns log, as instructed in your last post.

Link to post
Share on other sites
ralphyde

ralphyde

Posted
  • Author
Posted

I was wrong in previous message.  After about two hours, thinking it was running normally, the system

froze up again, and after awhile, I did a forced shutdown.

 

I was in Twitter, and clicked on a recent trend.  After some 'waiting for cache' at the bottom, the trey at the bottom and the start button disappeared, showing no signs of recovery.

 

Now, back to Step 06.

Link to post
Share on other sites
ralphyde

ralphyde

Posted
  • Author
Posted

On Step 06, ESET hung up at the same place it did before, when I ran it for Marius on Sept 25th. At C:\Boot\bootstat.dat 

See the post about the previous run here:

 

https://forums.malwarebytes.org/index.php?showtopic=133795&p=734659

 

Went on to Step 07, Farbar Recovery Scan

 

Here is First.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Ralph (administrator) on RALPH-PC on 15-10-2013 12:54:59
Running from C:\Users\Ralph\Desktop\Deskwork
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [sOSUAUI] - C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [55192 2013-08-15] (Malwarebytes Secure Backup)
HKLM\...\Run: [sMessaging] - C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe [64408 2013-08-15] (Malwarebytes Secure Backup)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-22] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Guest\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKU\Guest\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-21] (Skype Technologies S.A.)
HKU\Guest\...\Run: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe
HKU\Guest\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\HOMERunner.exe [ 2008-05-06] (TomTom)
HKU\Guest\...\Run: [sandboxieControl] - "C:\Program Files\Sandboxie\SbieCtrl.exe"
HKU\Guest\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [ 2012-03-08] (Microsoft Corporation)
HKU\Guest\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [ 2009-01-08] (Yahoo! Inc.)
HKU\Guest\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL [ 2008-01-19] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {18CCE993-B9CC-4922-881F-F5EE68634486} URL = http://windowssecrets.com/search/?q={searchTerms}&advSAN=1
SearchScopes: HKCU - {54B22D32-7CA4-4CC1-8B88-BBAFBA652252} URL = http://windowssecrets.com/search/?q={searchTerms}&advWS=1
SearchScopes: HKCU - {E81BEE72-CE53-4C96-BD0A-A95BD4404BFC} URL = http://windowssecrets.com/sitesearch/?cx=017937947691920082874%3A_ilcm6kdy_y&cof=FORID%3A11&q={searchTerms}
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File
BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 64.91.3.46
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (Screenshot) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk\0.2.4_0
CHR Extension: (YouTube) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Webpage Screenshot Bar) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.6_0
CHR Extension: (Google Search) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Search by Image (by Google)) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
CHR Extension: (PDFescape Free PDF Editor) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdefoklganepljiopdnglodohlgfikkl\0.21_0
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.3_0
CHR Extension: (RevEye Reverse Image Search) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\keaaclcjhehbbapnphnmpiklalfhelgf\1.4.2_0
CHR Extension: (Skype Click to Call) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_1
CHR Extension: (Explain and Send Screenshots) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdddabjhelpilpnpgondfmehhcplpiin\6.7.6_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Hover Zoom) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.21_0
CHR Extension: (Gmail) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
========================== Services (Whitelisted) =================
 
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
S2 gupdate1c90e025ce8c3d3; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2013-02-05] (Google Inc.)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool; C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [196912 2011-01-28] (Nitro PDF Software)
R2 sagentservice; C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe [39832 2013-08-15] (Malwarebytes Secure Backup)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
S2 AdobeARMservice; "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [31576 2013-01-22] (AVG Technologies)
R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302492 2006-11-02] (Intel Corporation)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25624 2008-12-16] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-12-16] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation                           )
U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2013-10-13] ()
S3 U2SP; C:\Windows\System32\DRIVERS\u2s2kxp.sys [23296 2004-05-05] (Magic Control Technology Corp.)
S3 USA19H; C:\Windows\System32\DRIVERS\USA19H2k.sys [704000 2007-10-30] (Keyspan)
S3 USA19H2KP; C:\Windows\System32\DRIVERS\USA19H2kp.SYS [24192 2007-05-29] (Keyspan)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv.sys [13824 2012-08-27] (Scott)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\Ralph\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S1 MpKslbfa56867; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F98F3FE3-F826-4ADA-B044-C0F0486CA9C4}\MpKslbfa56867.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-15 12:54 - 2013-10-15 12:54 - 00000000 ____D C:\FRST
2013-10-15 12:48 - 2013-10-15 12:48 - 01087213 _____ (Farbar) C:\Users\Ralph\Downloads\FRST.exe
2013-10-14 15:57 - 2013-10-14 15:57 - 00000000 __SHD C:\found.011
2013-10-14 11:04 - 2013-10-14 11:23 - 00000000 ____D C:\AdwCleaner
2013-10-14 11:00 - 2013-10-14 11:01 - 01048960 _____ C:\Users\Ralph\Downloads\AdwCleaner.exe
2013-10-13 22:00 - 2013-10-13 22:00 - 00000000 ____D C:\Windows\ERUNT
2013-10-13 21:50 - 2013-10-13 21:50 - 01032220 _____ (Thisisu) C:\Users\Ralph\Downloads\JRT.exe
2013-10-13 20:03 - 2013-10-13 20:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-13 20:01 - 2013-10-13 20:01 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-13 19:58 - 2013-10-13 20:52 - 00000000 ____D C:\Users\Ralph\Desktop\mbar
2013-10-13 19:49 - 2013-10-13 19:50 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ralph\Downloads\mbar-1.07.0.1007.exe
2013-10-13 17:00 - 2013-10-13 17:00 - 00000000 ____D C:\32a037ba1f0a3e5ea168f2
2013-10-13 16:14 - 2013-10-13 16:14 - 00015529 _____ C:\ComboFix.txt
2013-10-13 15:54 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-13 15:54 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-13 15:54 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-13 15:54 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-13 15:54 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-13 15:54 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-13 15:54 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-13 15:54 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-13 15:46 - 2013-10-13 16:14 - 00000000 ____D C:\Qoobox
2013-10-13 15:30 - 2013-10-13 15:27 - 05132614 ____R (Swearware) C:\Users\Ralph\Desktop\ComboFix.exe
2013-10-13 15:26 - 2013-10-13 15:27 - 05132614 _____ (Swearware) C:\Users\Ralph\Downloads\ComboFix.exe
2013-10-13 11:37 - 2013-10-13 11:37 - 00026624 _____ C:\Windows\system32\TrueSight.sys
2013-10-13 11:32 - 2013-10-13 16:13 - 00000000 ____D C:\Windows\ERDNT
2013-10-13 11:29 - 2013-10-13 11:29 - 00000693 _____ C:\Users\Ralph\Desktop\NTREGOPT.lnk
2013-10-13 11:29 - 2013-10-13 11:29 - 00000000 ____D C:\Program Files\ERUNT
2013-10-13 11:19 - 2013-10-13 11:18 - 00951296 _____ C:\Users\Ralph\Desktop\RogueKiller.exe
2013-10-13 11:18 - 2013-10-13 11:18 - 00951296 _____ C:\Users\Ralph\Downloads\RogueKiller.exe
2013-10-13 11:16 - 2013-10-13 11:15 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Ralph\Desktop\erunt-setup.exe
2013-10-13 11:14 - 2013-10-13 11:15 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Ralph\Downloads\erunt-setup.exe
2013-10-13 11:09 - 2013-10-14 16:15 - 00000041 _____ C:\Windows\Filzip.ini
2013-10-13 11:08 - 2013-10-13 11:08 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Ralph\Downloads\rkill.exe
2013-10-12 22:39 - 2013-10-12 22:39 - 00143360 _____ C:\Windows\Minidump\Mini101213-01.dmp
2013-10-12 10:04 - 2013-10-12 10:05 - 00000000 ____D C:\d37cb711f4669170007b7c06
2013-10-11 13:24 - 2013-10-11 13:24 - 00143360 _____ C:\Windows\Minidump\Mini101113-03.dmp
2013-10-11 13:17 - 2013-10-11 13:18 - 00000000 ____D C:\c0064fe9fba931b6ef
2013-10-11 12:17 - 2013-10-11 12:17 - 00143360 _____ C:\Windows\Minidump\Mini101113-02.dmp
2013-10-11 11:33 - 2013-10-11 11:33 - 00000000 ____D C:\cae8e13b0f4073a46ca470
2013-10-11 11:01 - 2013-10-11 11:01 - 00000000 ____D C:\2f4fe8f68cccaeb0c81653a992865799
2013-10-11 10:50 - 2013-09-22 03:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 10:50 - 2013-09-22 03:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 10:50 - 2013-09-22 03:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 10:50 - 2013-09-22 03:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-11 10:50 - 2013-09-22 03:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 10:50 - 2013-09-22 03:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 10:50 - 2013-09-22 03:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-11 10:50 - 2013-09-22 03:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 10:50 - 2013-09-22 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-11 10:50 - 2013-09-22 03:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 10:50 - 2013-09-22 03:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-11 10:50 - 2013-09-22 03:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 10:50 - 2013-09-22 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 10:50 - 2013-09-22 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 10:50 - 2013-09-22 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-11 10:50 - 2013-09-22 02:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 10:27 - 2013-10-11 10:27 - 00143360 _____ C:\Windows\Minidump\Mini101113-01.dmp
2013-10-10 13:14 - 2013-10-10 13:14 - 00000022 _____ C:\Users\Ralph\DumpFiles.ZIP
2013-10-10 12:51 - 2013-10-10 13:00 - 00000000 ____D C:\Program Files\Filzip
2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Public\Desktop\Filzip.lnk
2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Guest\Desktop\Filzip.lnk
2013-10-10 12:47 - 2013-10-10 12:47 - 01325557 _____ (Philipp Engel                                               ) C:\Users\Ralph\Downloads\fz306.exe
2013-10-10 10:11 - 2013-10-10 10:11 - 00000000 ____D C:\7072a0582fb67f1ce4
2013-10-09 21:38 - 2013-08-29 00:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 21:38 - 2013-08-26 19:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 21:38 - 2013-08-26 19:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 21:38 - 2013-08-26 19:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 21:38 - 2013-08-26 19:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 21:38 - 2013-08-26 18:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 21:38 - 2013-08-26 18:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 21:38 - 2013-08-26 18:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 21:38 - 2013-08-26 18:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 21:38 - 2013-08-26 18:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 21:38 - 2013-07-31 20:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 21:38 - 2013-07-31 19:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 21:38 - 2013-07-20 03:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 21:37 - 2013-07-12 02:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 21:37 - 2013-06-28 19:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 21:37 - 2013-06-28 19:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 21:37 - 2013-06-28 19:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 21:37 - 2013-06-28 19:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 21:37 - 2013-06-26 16:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 21:37 - 2011-05-05 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 21:37 - 2011-05-05 06:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 21:33 - 2013-06-03 21:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 21:33 - 2013-06-03 18:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 21:32 - 2013-07-03 21:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 21:32 - 2013-07-02 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 21:32 - 2013-07-02 19:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 15:58 - 2013-10-09 15:58 - 00289780 _____ C:\Users\Ralph\Downloads\1261771686-19849-207.118.64.47 (16).kml
2013-10-09 11:36 - 2013-10-09 11:36 - 00760937 _____ (Farbar) C:\Users\Ralph\Downloads\MiniToolBox.exe
2013-10-08 16:52 - 2013-10-08 16:52 - 00000000 ____D C:\found.010
2013-10-08 02:51 - 2013-10-08 02:51 - 00000000 ____D C:\found.009
2013-10-06 09:58 - 2013-10-06 09:58 - 00143360 _____ C:\Windows\Minidump\Mini100613-01.dmp
2013-10-03 11:44 - 2013-10-03 11:45 - 00143360 _____ C:\Windows\Minidump\Mini100313-01.dmp
2013-10-02 16:23 - 2013-10-02 16:26 - 36773799 _____ C:\Users\Ralph\Downloads\charmedsamp.wmv
2013-10-02 16:13 - 2013-10-02 16:13 - 01425123 _____ C:\Users\Ralph\Downloads\18022011 caddie_bruyant1.wmv
2013-10-02 12:40 - 2013-10-02 12:40 - 00118149 _____ C:\Users\Ralph\Downloads\wmpChrome (1).crx
2013-09-29 14:25 - 2013-09-29 14:25 - 00000075 _____ C:\Users\Ralph\Desktop\#9842 Alena 24, 170cm, 55kg.url
2013-09-27 21:43 - 2013-09-27 21:43 - 00143360 _____ C:\Windows\Minidump\Mini092713-01.dmp
2013-09-26 12:43 - 2013-09-26 12:43 - 00143360 _____ C:\Windows\Minidump\Mini092613-01.dmp
2013-09-25 14:08 - 2013-09-25 14:08 - 00000000 ____D C:\Program Files\ESET
2013-09-25 14:04 - 2013-09-25 14:04 - 02347384 _____ (ESET) C:\Users\Ralph\Downloads\esetsmartinstaller_enu.exe
2013-09-24 15:26 - 2013-09-24 15:26 - 00018160 _____ C:\Users\Ralph\Downloads\attach.txt
2013-09-24 13:58 - 2013-09-24 13:58 - 00001084 _____ C:\Users\Ralph\Documents\ark.txt
2013-09-24 12:09 - 2013-09-24 12:09 - 00377856 _____ C:\Users\Ralph\Downloads\6d4nnzwk.exe
2013-09-24 10:59 - 2013-10-15 12:52 - 00000000 ____D C:\Users\Ralph\Desktop\Deskwork
2013-09-24 10:47 - 2013-09-24 10:47 - 00688992 _____ (Swearware) C:\Users\Ralph\Downloads\dds (1).com
2013-09-24 10:26 - 2013-09-24 10:26 - 00143360 _____ C:\Windows\Minidump\Mini092413-01.dmp
2013-09-23 11:13 - 2013-09-23 11:13 - 00000000 ____D C:\found.008
2013-09-23 01:13 - 2013-09-23 01:13 - 00000000 ____D C:\found.007
2013-09-21 10:05 - 2013-09-21 10:05 - 00143360 _____ C:\Windows\Minidump\Mini092113-01.dmp
2013-09-20 21:53 - 2013-09-20 21:53 - 00143360 _____ C:\Windows\Minidump\Mini092013-03.dmp
2013-09-20 13:27 - 2013-09-20 13:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-02.dmp
2013-09-20 10:27 - 2013-09-20 10:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-01.dmp
2013-09-19 16:56 - 2013-09-19 16:56 - 00143360 _____ C:\Windows\Minidump\Mini091913-01.dmp
2013-09-17 18:37 - 2013-09-17 18:37 - 00143360 _____ C:\Windows\Minidump\Mini091713-01.dmp
2013-09-16 09:58 - 2013-09-16 10:00 - 15380128 _____ (Malwarebytes Corporation                                     ) C:\Users\Ralph\Downloads\mbsb-setup-1.2.0.0010.exe
 
==================== One Month Modified Files and Folders =======
 
2013-10-15 12:54 - 2013-10-15 12:54 - 00000000 ____D C:\FRST
2013-10-15 12:53 - 2013-02-05 15:20 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-15 12:52 - 2013-09-24 10:59 - 00000000 ____D C:\Users\Ralph\Desktop\Deskwork
2013-10-15 12:48 - 2013-10-15 12:48 - 01087213 _____ (Farbar) C:\Users\Ralph\Downloads\FRST.exe
2013-10-15 12:48 - 2013-08-01 09:10 - 00000466 _____ C:\Windows\Tasks\Online Backup Update Notifier.job
2013-10-15 12:45 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-15 12:42 - 2008-05-09 12:19 - 01371181 _____ C:\Windows\WindowsUpdate.log
2013-10-15 12:39 - 2010-11-20 19:02 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-10-15 12:37 - 2013-02-05 15:20 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-15 12:37 - 2013-01-30 11:44 - 00174002 _____ C:\Windows\PFRO.log
2013-10-15 12:37 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-15 12:37 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-15 12:37 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-15 12:26 - 2009-10-02 13:14 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job
2013-10-15 12:15 - 2013-02-14 02:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-15 10:15 - 2009-03-25 20:05 - 00000868 _____ C:\Windows\Tasks\Google Software Updater.job
2013-10-14 23:57 - 2006-11-02 06:01 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-14 20:23 - 2013-02-27 23:56 - 00000000 ____D C:\ProgramData\HP
2013-10-14 20:23 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\twain_32
2013-10-14 20:17 - 2013-01-28 12:26 - 00000000 ____D C:\Users\Ralph\AppData\Local\LogMeIn Rescue Applet
2013-10-14 16:15 - 2013-10-13 11:09 - 00000041 _____ C:\Windows\Filzip.ini
2013-10-14 15:57 - 2013-10-14 15:57 - 00000000 __SHD C:\found.011
2013-10-14 11:23 - 2013-10-14 11:04 - 00000000 ____D C:\AdwCleaner
2013-10-14 11:01 - 2013-10-14 11:00 - 01048960 _____ C:\Users\Ralph\Downloads\AdwCleaner.exe
2013-10-13 22:00 - 2013-10-13 22:00 - 00000000 ____D C:\Windows\ERUNT
2013-10-13 21:50 - 2013-10-13 21:50 - 01032220 _____ (Thisisu) C:\Users\Ralph\Downloads\JRT.exe
2013-10-13 20:52 - 2013-10-13 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-13 20:52 - 2013-10-13 19:58 - 00000000 ____D C:\Users\Ralph\Desktop\mbar
2013-10-13 20:01 - 2013-10-13 20:01 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-13 19:50 - 2013-10-13 19:49 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ralph\Downloads\mbar-1.07.0.1007.exe
2013-10-13 18:36 - 2008-05-09 12:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-13 17:52 - 2008-08-25 13:50 - 00073408 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-13 17:51 - 2009-05-22 16:45 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype
2013-10-13 17:49 - 2008-08-25 13:49 - 00000909 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-13 17:11 - 2006-11-02 03:33 - 00719076 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-13 17:00 - 2013-10-13 17:00 - 00000000 ____D C:\32a037ba1f0a3e5ea168f2
2013-10-13 16:14 - 2013-10-13 16:14 - 00015529 _____ C:\ComboFix.txt
2013-10-13 16:14 - 2013-10-13 15:46 - 00000000 ____D C:\Qoobox
2013-10-13 16:14 - 2006-11-02 04:18 - 00000000 ___RD C:\Users\Public
2013-10-13 16:13 - 2013-10-13 11:32 - 00000000 ____D C:\Windows\ERDNT
2013-10-13 16:11 - 2006-11-02 03:23 - 00000215 _____ C:\Windows\system.ini
2013-10-13 15:27 - 2013-10-13 15:30 - 05132614 ____R (Swearware) C:\Users\Ralph\Desktop\ComboFix.exe
2013-10-13 15:27 - 2013-10-13 15:26 - 05132614 _____ (Swearware) C:\Users\Ralph\Downloads\ComboFix.exe
2013-10-13 11:37 - 2013-10-13 11:37 - 00026624 _____ C:\Windows\system32\TrueSight.sys
2013-10-13 11:29 - 2013-10-13 11:29 - 00000693 _____ C:\Users\Ralph\Desktop\NTREGOPT.lnk
2013-10-13 11:29 - 2013-10-13 11:29 - 00000000 ____D C:\Program Files\ERUNT
2013-10-13 11:18 - 2013-10-13 11:19 - 00951296 _____ C:\Users\Ralph\Desktop\RogueKiller.exe
2013-10-13 11:18 - 2013-10-13 11:18 - 00951296 _____ C:\Users\Ralph\Downloads\RogueKiller.exe
2013-10-13 11:15 - 2013-10-13 11:16 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Ralph\Desktop\erunt-setup.exe
2013-10-13 11:15 - 2013-10-13 11:14 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Ralph\Downloads\erunt-setup.exe
2013-10-13 11:08 - 2013-10-13 11:08 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Ralph\Downloads\rkill.exe
2013-10-12 22:39 - 2013-10-12 22:39 - 00143360 _____ C:\Windows\Minidump\Mini101213-01.dmp
2013-10-12 22:39 - 2013-01-31 01:02 - 194652536 _____ C:\Windows\MEMORY.DMP
2013-10-12 22:39 - 2011-11-24 09:32 - 00000000 ____D C:\Windows\Minidump
2013-10-12 10:06 - 2013-07-14 12:21 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 10:05 - 2013-10-12 10:04 - 00000000 ____D C:\d37cb711f4669170007b7c06
2013-10-12 10:05 - 2006-11-02 03:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-11 13:24 - 2013-10-11 13:24 - 00143360 _____ C:\Windows\Minidump\Mini101113-03.dmp
2013-10-11 13:18 - 2013-10-11 13:17 - 00000000 ____D C:\c0064fe9fba931b6ef
2013-10-11 13:06 - 2006-11-02 05:47 - 00301032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 12:17 - 2013-10-11 12:17 - 00143360 _____ C:\Windows\Minidump\Mini101113-02.dmp
2013-10-11 11:33 - 2013-10-11 11:33 - 00000000 ____D C:\cae8e13b0f4073a46ca470
2013-10-11 11:19 - 2008-09-11 13:49 - 00027412 _____ C:\Windows\system32\lvcoinst.log
2013-10-11 11:18 - 2008-09-11 13:28 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2013-10-11 11:14 - 2009-06-12 10:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 11:01 - 2013-10-11 11:01 - 00000000 ____D C:\2f4fe8f68cccaeb0c81653a992865799
2013-10-11 10:27 - 2013-10-11 10:27 - 00143360 _____ C:\Windows\Minidump\Mini101113-01.dmp
2013-10-10 13:14 - 2013-10-10 13:14 - 00000022 _____ C:\Users\Ralph\DumpFiles.ZIP
2013-10-10 13:14 - 2008-07-31 14:52 - 00000000 ____D C:\Users\Ralph
2013-10-10 13:00 - 2013-10-10 12:51 - 00000000 ____D C:\Program Files\Filzip
2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Public\Desktop\Filzip.lnk
2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Guest\Desktop\Filzip.lnk
2013-10-10 12:47 - 2013-10-10 12:47 - 01325557 _____ (Philipp Engel                                               ) C:\Users\Ralph\Downloads\fz306.exe
2013-10-10 10:11 - 2013-10-10 10:11 - 00000000 ____D C:\7072a0582fb67f1ce4
2013-10-09 15:58 - 2013-10-09 15:58 - 00289780 _____ C:\Users\Ralph\Downloads\1261771686-19849-207.118.64.47 (16).kml
2013-10-09 14:26 - 2009-10-02 13:14 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job
2013-10-09 12:46 - 2013-01-31 11:15 - 00000000 ____D C:\Program Files\WhoCrashed
2013-10-09 12:17 - 2012-09-20 08:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 12:17 - 2011-07-05 12:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 11:36 - 2013-10-09 11:36 - 00760937 _____ (Farbar) C:\Users\Ralph\Downloads\MiniToolBox.exe
2013-10-08 16:52 - 2013-10-08 16:52 - 00000000 ____D C:\found.010
2013-10-08 13:04 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\System
2013-10-08 10:42 - 2008-09-03 10:51 - 00006648 _____ C:\Users\Ralph\AppData\Local\d3d9caps.dat
2013-10-08 02:51 - 2013-10-08 02:51 - 00000000 ____D C:\found.009
2013-10-07 11:57 - 2011-03-17 15:16 - 00000000 ____D C:\Users\Ralph\AppData\Roaming\Nitro PDF
2013-10-06 09:58 - 2013-10-06 09:58 - 00143360 _____ C:\Windows\Minidump\Mini100613-01.dmp
2013-10-05 11:10 - 2013-02-05 15:23 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-03 15:36 - 2008-08-07 12:00 - 00000000 ____D C:\Users\Ralph\AppData\Roaming\Skype
2013-10-03 11:45 - 2013-10-03 11:44 - 00143360 _____ C:\Windows\Minidump\Mini100313-01.dmp
2013-10-02 16:26 - 2013-10-02 16:23 - 36773799 _____ C:\Users\Ralph\Downloads\charmedsamp.wmv
2013-10-02 16:13 - 2013-10-02 16:13 - 01425123 _____ C:\Users\Ralph\Downloads\18022011 caddie_bruyant1.wmv
2013-10-02 12:40 - 2013-10-02 12:40 - 00118149 _____ C:\Users\Ralph\Downloads\wmpChrome (1).crx
2013-10-01 22:06 - 2013-08-01 09:46 - 00000506 _____ C:\Windows\Tasks\Malwarebytes Secure Backup - ralphyde@centurytel.net.job
2013-10-01 19:45 - 2013-08-01 09:08 - 00001880 _____ C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk
2013-09-29 19:12 - 2010-10-26 13:01 - 00000000 ____D C:\Users\Ralph\Documents\My Kindle Content
2013-09-29 14:25 - 2013-09-29 14:25 - 00000075 _____ C:\Users\Ralph\Desktop\#9842 Alena 24, 170cm, 55kg.url
2013-09-27 21:43 - 2013-09-27 21:43 - 00143360 _____ C:\Windows\Minidump\Mini092713-01.dmp
2013-09-27 12:04 - 2009-02-01 21:28 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT
2013-09-27 10:18 - 2009-10-01 13:15 - 00000000 ___RD C:\Program Files\Skype
2013-09-26 17:25 - 2012-06-04 22:27 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-09-26 12:43 - 2013-09-26 12:43 - 00143360 _____ C:\Windows\Minidump\Mini092613-01.dmp
2013-09-25 14:08 - 2013-09-25 14:08 - 00000000 ____D C:\Program Files\ESET
2013-09-25 14:04 - 2013-09-25 14:04 - 02347384 _____ (ESET) C:\Users\Ralph\Downloads\esetsmartinstaller_enu.exe
2013-09-24 15:26 - 2013-09-24 15:26 - 00018160 _____ C:\Users\Ralph\Downloads\attach.txt
2013-09-24 13:58 - 2013-09-24 13:58 - 00001084 _____ C:\Users\Ralph\Documents\ark.txt
2013-09-24 12:09 - 2013-09-24 12:09 - 00377856 _____ C:\Users\Ralph\Downloads\6d4nnzwk.exe
2013-09-24 10:47 - 2013-09-24 10:47 - 00688992 _____ (Swearware) C:\Users\Ralph\Downloads\dds (1).com
2013-09-24 10:26 - 2013-09-24 10:26 - 00143360 _____ C:\Windows\Minidump\Mini092413-01.dmp
2013-09-23 11:13 - 2013-09-23 11:13 - 00000000 ____D C:\found.008
2013-09-23 01:13 - 2013-09-23 01:13 - 00000000 ____D C:\found.007
2013-09-22 03:29 - 2013-10-11 10:50 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 03:22 - 2013-10-11 10:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 03:22 - 2013-10-11 10:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 03:14 - 2013-10-11 10:50 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-22 03:13 - 2013-10-11 10:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 03:13 - 2013-10-11 10:50 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 03:12 - 2013-10-11 10:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-22 03:09 - 2013-10-11 10:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 03:08 - 2013-10-11 10:50 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-22 03:07 - 2013-10-11 10:50 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 03:06 - 2013-10-11 10:50 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-22 03:05 - 2013-10-11 10:50 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 03:03 - 2013-10-11 10:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-22 03:03 - 2013-10-11 10:50 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 03:03 - 2013-10-11 10:50 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-22 02:59 - 2013-10-11 10:50 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-21 10:05 - 2013-09-21 10:05 - 00143360 _____ C:\Windows\Minidump\Mini092113-01.dmp
2013-09-20 21:53 - 2013-09-20 21:53 - 00143360 _____ C:\Windows\Minidump\Mini092013-03.dmp
2013-09-20 13:27 - 2013-09-20 13:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-02.dmp
2013-09-20 10:27 - 2013-09-20 10:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-01.dmp
2013-09-19 16:56 - 2013-09-19 16:56 - 00143360 _____ C:\Windows\Minidump\Mini091913-01.dmp
2013-09-18 15:50 - 2008-08-01 17:00 - 00000000 ____D C:\AmiPro
2013-09-17 20:24 - 2013-08-01 09:08 - 00000000 ____D C:\Program Files\Malwarebytes Secure Backup
2013-09-17 18:37 - 2013-09-17 18:37 - 00143360 _____ C:\Windows\Minidump\Mini091713-01.dmp
2013-09-16 10:04 - 2009-10-07 18:45 - 00000000 ____D C:\Windows\Downloaded Installations
2013-09-16 10:00 - 2013-09-16 09:58 - 15380128 _____ (Malwarebytes Corporation                                     ) C:\Users\Ralph\Downloads\mbsb-setup-1.2.0.0010.exe
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job
 
 
Some content of TEMP:
====================
C:\Users\Ralph\AppData\Local\temp\Quarantine.exe
C:\Users\Ralph\AppData\Local\temp\yx6c2qfn.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-15 12:45
 
==================== End Of Log ============================
 
 
And here is Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Ralph at 2013-10-15 12:58:25
Running from C:\Users\Ralph\Desktop\Deskwork
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 3.8.0.1430)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Advertising Center (Version: 0.0.0.1)
AFPL Ghostscript 7.03
AFPL Ghostscript Fonts
Agere Systems HDA Modem
Amazon Kindle
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Amazon MP3 Uploader (Version: 1.0.8)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 4
ArcSoft PhotoStudio 5.5
CAM UnZip 4.42
Canon CanoScan LiDE 100 User Registration
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon Inkjet Printer Driver Add-On Module
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)
Canon MP Navigator EX 2.0
Canon PIXMA iP3000
Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Easy-PhotoPrint
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities MyCamera DC (Version: 7.0.1.8)
Canon Utilities RemoteCapture DC (Version: 3.0.1.8)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
CanoScan LiDE 100 Scanner Driver
CCleaner (Version: 4.04)
CDBurnerXP (Version: 4.3.7.2423)
D3DX10 (Version: 15.4.2368.0902)
Defraggler (Version: 2.15)
DolbyFiles (Version: 0.1)
EasyCleaner (Version: 2.0.6.380)
Elevated Installer (Version: 2.2.21)
ERUNT 1.1j
ESET Online Scanner v3
Family Tree Maker
File Uploader (Version: 1.2.0)
Filzip 3.06 (Version: 3.0.6)
Garmin Communicator Plugin (Version: 4.0.3)
Garmin Express (Version: 2.2.21)
Garmin Express Tray (Version: 2.2.21)
Garmin Update Service (Version: 2.2.21)
Garmin USB Drivers (Version: 2.3.0.0)
Gateway Connect (Version: 1.1.0)
Gateway Recovery Center Installer (Version: 1.01.031)
Google Chrome (Version: 30.0.1599.69)
Google Earth (Version: 6.2.2.6613)
GSview 4.1
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Photosmart 6520 series Help (Version: 28.0.0)
HP Photosmart 6520 series Product Improvement Study (Version: 28.0.1315.0)
HPDiagnosticAlert (Version: 1.00.0000)
IDT Audio (Version: 5.10.5303.0)
ImagXpress (Version: 7.0.74.0)
IMM4 VCM Codec 1.0.0.10
Inkjet Printer/Scanner Extended Survey Program
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IrfanView (remove only) (Version: 4.36)
Java 7 Update 25 (Version: 7.0.250)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Keyspan USB Serial Adapter (Version: 3.7s)
LabelPrint (Version: 2.0.1826)
Logitech Legacy USB Camera Driver Package
Logitech QuickCam (Version: 11.90.1263)
Logitech QuickCam Driver Package
Magnifier (Version: 2.4)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Malwarebytes Secure Backup (Version: 5.9.1.4720)
Menu Templates - Starter Kit (Version: 9.4.2.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Money Essentials (Version: 16)
Microsoft Money Shared Libraries (Version: 16.0.0.705)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
Microsoft WSE 2.0 SP3 Runtime (Version: 2.0.5050.0)
Move Media Player
Movie Templates - Starter Kit (Version: 9.4.2.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 9 Essentials
Nero BurnRights (Version: 3.4.11.100)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.9.100)
Nero CoverDesigner Help (Version: 4.4.9.100)
Nero DiscSpeed (Version: 5.4.11.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.11.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.11.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero ShowTime (Version: 5.4.0.100)
Nero ShowTime (Version: 5.4.13.100)
Nero StartSmart (Version: 9.4.12.100)
Nero StartSmart Help (Version: 9.4.12.100)
Nero Vision (Version: 6.4.12.100)
Nero Vision Help (Version: 6.4.8.100)
NeroExpress (Version: 9.4.17.100)
neroxml (Version: 1.0.0)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.4.0)
Nitro PDF Reader (Version: 1.4.0.11)
Notepad++ (Version: 5.7)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Omron Health Management Software (Version: 1.21.0001)
PA095 / PA075 USB2.0 DOCK
Part 2 of 2
PDF reDirect (remove only) (Version: v2.2.8)
Picasa 3 (Version: 3.9)
Picasa Uploader (Version: 0.6)
Power2Go 5.0
Quicken Deluxe 98
Quicken WillMaker Plus 2013 (Version: 1.0.0.0)
QuickTime (Version: 7.74.80.86)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek USB 2.0 Card Reader (Version: )
REALTEK USB Wireless LAN Driver (Version: 1.00.0000)
Secunia PSI (2.0.0.3001)
Segoe UI (Version: 15.4.2271.0615)
Singlesnet (Version: 0.9.2901.0)
Skype Click to Call (Version: 6.12.13601)
Skype™ 6.6 (Version: 6.6.106)
Spare Backup (Version: 3.2)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 9.1.17.0)
TaxACT 2010
TaxACT 2011 - 1040 Edition
TaxACT 2011 Oregon
TaxACT 2012 - 1040 Edition
TaxACT 2012 Oregon
TomTom HOME (Version: 2.9.6)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
TreeSize
Uniblue DriverScanner 2009 (Version: 2.0.0.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebCopier
WhoCrashed 4.01
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Yahoo! Messenger
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2006-11-02 03:23 - 2013-10-13 16:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F2D1D54-32EB-42A4-8B5F-A3914EABE69A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2FA3FE75-88E8-47DF-98C1-E645EC950EFB} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {32B77094-D224-4F3E-A9F8-728D40CB4126} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {486B0270-4E58-4485-92A6-47D89531603C} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09] (Google)
Task: {4AAC8F7F-9C8F-4FAC-9964-D08B19B87FB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)
Task: {7FDC9C7F-9363-48C7-9752-037CDE5E2496} - System32\Tasks\Malwarebytes Secure Backup - ralphyde@centurytel.net => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [2013-08-15] (Malwarebytes Secure Backup)
Task: {81503994-5FEE-4A4B-9C05-3570613B7B80} - System32\Tasks\Online Backup Update Notifier => C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe [2013-08-15] (Malwarebytes Secure Backup)
Task: {9731D136-1A55-4F17-868D-6EC853C83902} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {B57F7104-ED4A-4F13-923C-70788EDC08DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)
Task: {BE97025E-02DA-4C65-8871-BF0BB8B77502} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {C662C99A-7146-4713-80EB-A1758CEFE53C} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {DB490431-69F5-4E1F-9D03-C57377D9FBFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F9DA845F-DFE8-4849-98FB-AD2F6317DF5C} - System32\Tasks\{2AF0F2B9-1A00-46C8-8428-30E7C4215F9A} => C:\Program Files\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {F9F8FA80-A9CB-46F2-B7C9-ECC579CF5798} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Malwarebytes Secure Backup - ralphyde@centurytel.net.job => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe
Task: C:\Windows\Tasks\Online Backup Update Notifier.job => C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe
Task: C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job => c:\users\ralph\appdata\local\google\chrome\application\chrome.exe
 
==================== Loaded Modules (whitelisted) =============
 
2007-05-18 21:59 - 2007-05-18 21:59 - 00356928 _____ () C:\Program Files\Spare Backup\sqlite3.dll
2009-11-03 17:14 - 2009-11-03 17:14 - 00054272 _____ () C:\Program Files\Notepad++\NppShell_01.dll
2013-10-10 12:51 - 2004-09-08 13:45 - 00368128 _____ () C:\Program Files\Filzip\fzshext.dll
2013-08-15 16:40 - 2013-08-15 16:40 - 00023448 _____ () C:\Program Files\Malwarebytes Secure Backup\SOS.SharedEverywhere.dll
2013-08-15 16:40 - 2013-08-15 16:40 - 00030104 _____ () C:\Program Files\Malwarebytes Secure Backup\SOS.Contracts.CentralManagement.dll
2013-10-05 11:10 - 2013-10-02 23:03 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-05 11:10 - 2013-10-02 23:03 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-05 11:09 - 2013-10-02 23:02 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: USB Device(VID_1f3a_PID_efe8)
Description: USB Device(VID_1f3a_PID_efe8)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: USB Devices
Service: usbUDisc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/14/2013 08:20:50 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index metadata cannot be read.   (0xc0041801)
 
Error: (10/14/2013 08:20:50 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index metadata cannot be read.   (0xc0041801)
 
Error: (10/14/2013 08:20:50 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.   (0x80070490)
 
Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index metadata cannot be read.   (0xc0041801)
 
Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
0x%08x (0xc0041800 - The content index cannot be read.  )
 
Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index metadata cannot be read.   (0xc0041801)
 
Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
The content index cannot be read.   (0xc0041800)
 
Error: (10/14/2013 08:20:47 PM) (Source: ESENT) (User: )
Description: Windows (3396) Windows: Database recovery/restore failed with unexpected error -543.
 
Error: (10/14/2013 08:20:34 PM) (Source: ESENT) (User: )
Description: Windows (3396) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb requires logfiles 14820-14823 in order to recover successfully. Recovery could only locate logfiles up to 14819.
 
Error: (10/14/2013 06:42:49 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
 
System errors:
=============
Error: (10/15/2013 00:39:36 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 169.254.204.34, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
 
Error: (10/15/2013 00:37:36 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:34:54 PM on 10/15/2013 was unexpected.
 
Error: (10/15/2013 00:16:48 PM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
Error: (10/15/2013 00:14:41 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 169.254.204.34, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
 
Error: (10/15/2013 00:09:33 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:59:33 AM on 10/15/2013 was unexpected.
 
Error: (10/15/2013 00:09:01 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
 
Error: (10/15/2013 00:08:57 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
 
Error: (10/15/2013 00:08:54 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (10/15/2013 00:07:24 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (10/15/2013 11:54:06 AM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-15 12:57:31.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:31.104
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:30.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:29.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:28.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:28.044
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:27.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:26.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-13 20:18:55.202
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-13 20:18:54.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 66%
Total physical RAM: 2037.69 MB
Available physical RAM: 691.52 MB
Total Pagefile: 4978.93 MB
Available Pagefile: 3396.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.34 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:139.02 GB) (Free:71.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.03 GB) (Free:4.46 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 02FF13A2)
Partition 1: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Next to create the AutoRuns log.
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

STEP 1
Please uninstall ALL versions of JAVA from your Control Panel, Add/Remove

STEP 2
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.
  • Restart the computer.

STEP 3
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • right click over TFC.EXE and choose "Run as administrator" and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

STEP 4
Please run a Full Disk Check on your system drive.  If needed here are some links on how to run a Disk Check.

How to Run Check Disk at Startup in Vista or Windows 7

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8


STEP 5
Please run the following fixit from Microsoft.
Fix Windows Desktop Search when it crashes or not showing results

STEP 6
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

fixlist.txt

Link to post
Share on other sites
ralphyde

ralphyde

Posted
  • Author
Posted

Steps 1 and 2   Java Removal

 

JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Tue Oct 15 23:54:24 2013
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.6.0_13
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.6.0_15
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.6.0_16
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.6.0_17
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.6.0_20
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.6.0_21
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.6.0_22
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.6.0_23
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.6.0_24
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.6.0_26
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.6.0_29
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.6.0_31
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.7.0_05
 
Found and removed: C:\Users\Ralph\AppData\LocalLow\Sun\Java\jre1.7.0_09
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
Found and removed: JavaPlugin.FamilyVersionSupport
 
Found and removed: Software\Classes\JavaPlugin.160_01
 
Found and removed: SOFTWARE\Classes\JavaPlugin
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0
 
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B02
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B04
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B06
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B02
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B04
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B06
 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
 
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
 
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
 
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 
Found and removed: SOFTWARE\JavaSoft
 
Found and removed: SOFTWARE\JreMetrics
 
Found and removed: SOFTWARE\MozillaPlugins
Link to post
Share on other sites
ralphyde

ralphyde

Posted
  • Author
Posted

Completed Steps 2 and 3.   Old Javas removed and Temp files cleaned up.

 

Regarding Step 4, I've had many Chkdsk runs recently, the most recent on Oct 14, and as I said,

they all involve the indexes for wmplayer.exe and Taskmgr.exe, which get repaired each time along

with various others.

 

So, question?  Do you want me to run a new Chkdsk? or just show the several recent ones?

I see that the event log information is more complete than what I was able to see as they were

happening.

 

I've got to leave in a few minutes, so won't have time right now.

 

My computer is seeming more stable today than in recent days.  But we'll see, as I had to do a

startup repair (successful) on starting up today, after a clean shutdown last night.

 

Thanks for sticking with me.

Link to post
Share on other sites
ralphyde

ralphyde

Posted
  • Author
Posted

Step 4:

 

Here's the output from the Event Log from the latest Chkdsk run on 10/14/2013:

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          10/14/2013 8:17:30 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Ralph-PC
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
 
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
  318912 file records processed.                                  
 
  1522 large file records processed.                            
 
  0 bad file records processed.                              
 
  0 EA records processed.                                    
 
  68 reparse records processed.                               
 
Unable to locate the file name attribute of index entry wmplayer.exe
of index $I30 with parent 0xcb in file 0x3688f.
Deleting index entry wmplayer.exe in index $I30 of file 203.
Unable to locate the file name attribute of index entry inetpp.dll
of index $I30 with parent 0x5b3 in file 0x30fc9.
Deleting index entry inetpp.dll in index $I30 of file 1459.
Unable to locate the file name attribute of index entry taskeng.exe
of index $I30 with parent 0x5b3 in file 0x36e5b.
Deleting index entry taskeng.exe in index $I30 of file 1459.
Unable to locate the file name attribute of index entry taskmgr.exe
of index $I30 with parent 0x5b3 in file 0x200cc.
Deleting index entry taskmgr.exe in index $I30 of file 1459.
Unable to locate the file name attribute of index entry wer.dll
of index $I30 with parent 0x5b3 in file 0x30de1.
Deleting index entry wer.dll in index $I30 of file 1459.
  391012 index entries processed.                                 
 
CHKDSK is recovering lost files.
Recovering orphaned file taskmgr.exe (131276) into directory file 1459.
Recovering orphaned file MSS039CF.log (157781) into directory file 11512.
Recovering orphaned file wer.dll (200161) into directory file 1459.
Recovering orphaned file inetpp.dll (200649) into directory file 1459.
Recovering orphaned file wmplayer.exe (223375) into directory file 203.
  6 unindexed files processed.                               
 
Recovering orphaned file taskeng.exe (224859) into directory file 1459.
  318912 security descriptors processed.                          
 
Cleaning up 197 unused index entries from index $SII of file 0x9.
Cleaning up 197 unused index entries from index $SDH of file 0x9.
Cleaning up 197 unused security descriptors.
  36051 data files processed.                                    
 
CHKDSK is verifying Usn Journal...
  34009176 USN bytes processed.                                     
 
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
 145773809 KB total disk space.
  70600140 KB in 263367 files.
    145892 KB in 36052 indexes.
        60 KB in bad sectors.
    436765 KB in use by the system.
     65536 KB occupied by the log file.
  74590952 KB available on disk.
 
      4096 bytes in each allocation unit.
  36443452 total allocation units on disk.
  18647738 allocation units available on disk.
 
Internal Info:
c0 dd 04 00 a7 91 04 00 af d8 07 00 00 00 00 00  ................
ea 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00  .|..D...........
48 01 2d 00 48 01 2d 00 02 00 00 02 58 7a 2e 00  H.-.H.-.....Xz..
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
 
Checking file system on C:
The type of the file system is NTFS.
 
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
  318912 file records processed.                                  
 
  1524 large file records processed.                            
 
  0 bad file records processed.                              
 
  0 EA records processed.                                    
 
  68 reparse records processed.                               
 
Unable to locate the file name attribute of index entry wmplayer.exe
of index $I30 with parent 0xcb in file 0x3688f.
Deleting index entry wmplayer.exe in index $I30 of file 203.
Unable to locate the file name attribute of index entry inetpp.dll
of index $I30 with parent 0x5b3 in file 0x30fc9.
Deleting index entry inetpp.dll in index $I30 of file 1459.
Unable to locate the file name attribute of index entry taskeng.exe
of index $I30 with parent 0x5b3 in file 0x36e5b.
Deleting index entry taskeng.exe in index $I30 of file 1459.
Unable to locate the file name attribute of index entry taskmgr.exe
of index $I30 with parent 0x5b3 in file 0x200cc.
Deleting index entry taskmgr.exe in index $I30 of file 1459.
Unable to locate the file name attribute of index entry wer.dll
of index $I30 with parent 0x5b3 in file 0x30de1.
Deleting index entry wer.dll in index $I30 of file 1459.
Unable to locate the file name attribute of index entry SECURITY
of index $I30 with parent 0x5c8 in file 0x1a4.
Deleting index entry SECURITY in index $I30 of file 1480.
Unable to locate the file name attribute of index entry MSS.log
of index $I30 with parent 0x2cf8 in file 0x2c56.
Deleting index entry MSS.log in index $I30 of file 11512.
Unable to locate the file name attribute of index entry MSS039E3.log
of index $I30 with parent 0x2cf8 in file 0x10f86.
Deleting index entry MSS039E3.log in index $I30 of file 11512.
Unable to locate the file name attribute of index entry MSS039E4.log
of index $I30 with parent 0x2cf8 in file 0x109e3.
Deleting index entry MSS039E4.log in index $I30 of file 11512.
Index entry MSStmp.log of index $I30 in file 0x2cf8 points to unused file 0x9c6c.
Deleting index entry MSStmp.log in index $I30 of file 11512.
Index entry SystemIndex.Ntfy78.gthr of index $I30 in file 0x3a03 points to unused file 0x9dca.
Deleting index entry SystemIndex.Ntfy78.gthr in index $I30 of file 14851.
Index entry SYSTEM~2.GT~ of index $I30 in file 0x3a03 points to unused file 0x9dca.
Deleting index entry SYSTEM~2.GT~ in index $I30 of file 14851.
The file reference 0x4c000000009715 of index entry tmp.edb of index $I30
with parent 0x8d9e is not the same as 0x49000000009715.
Deleting index entry tmp.edb in index $I30 of file 36254.
  391014 index entries processed.                                 
 
CHKDSK is recovering lost files.
Recovering orphaned file MSS039E5.log (11350) into directory file 11512.
Recovering orphaned file TMP000~2 (38677) into directory file 30146.
Recovering orphaned file TMP00000012E015BD0DB4A6549B (38677) into directory file 30146.
Recovering orphaned file tmp.edb (66676) into directory file 36254.
Recovering orphaned file MSS039E1.log (67333) into directory file 11512.
Recovering orphaned file MSS039DF.log (68067) into directory file 11512.
Recovering orphaned file MSS039E2.log (69321) into directory file 11512.
Recovering orphaned file MSS.log (69510) into directory file 11512.
Recovering orphaned file taskmgr.exe (131276) into directory file 1459.
Recovering orphaned file wer.dll (200161) into directory file 1459.
Recovering orphaned file inetpp.dll (200649) into directory file 1459.
Recovering orphaned file wmplayer.exe (223375) into directory file 203.
  13 unindexed files processed.                               
 
Recovering orphaned file taskeng.exe (224859) into directory file 1459.
  318912 security descriptors processed.                          
 
Cleaning up 8 unused index entries from index $SII of file 0x9.
Cleaning up 8 unused index entries from index $SDH of file 0x9.
Cleaning up 8 unused security descriptors.
  36052 data files processed.                                    
 
CHKDSK is verifying Usn Journal...
The remaining of an USN page at offset 0xa71e9fc78 in file 0x8d70
should be filled with zeros.
The USN Journal entry at offset 0xa71ea0000 and length 0x9c452ba4 crosses
the page boundary.
The USN Journal entry at offset 0xa71ea1000 and length 0xa8b6 crosses
the page boundary.
The USN Journal entry at offset 0xa71ea2000 and length 0x8b01087d crosses
the page boundary.
Repairing Usn Journal file record segment.
  35083048 USN bytes processed.                                     
 
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
 145773809 KB total disk space.
  70573116 KB in 263098 files.
    145836 KB in 36054 indexes.
        60 KB in bad sectors.
    437793 KB in use by the system.
     65536 KB occupied by the log file.
  74617004 KB available on disk.
 
      4096 bytes in each allocation unit.
  36443452 total allocation units on disk.
  18654251 allocation units available on disk.
 
Internal Info:
c0 dd 04 00 9b 90 04 00 b3 d7 07 00 00 00 00 00  ................
ea 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00  .|..D...........
48 01 2f 00 48 01 2f 00 02 00 00 02 58 7a 30 00  H./.H./.....Xz0.
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-10-15T03:17:30.000Z" />
    <EventRecordID>141231</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Ralph-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on C:
The type of the file system is NTFS.
 
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
  318912 file records processed.                                  
 
  1522 large file records processed.                            
 
  0 bad file records processed.                              
 
  0 EA records processed.                                    
 
  68 reparse records processed.                               
 
Unable to locate the file name attribute of index entry wmplayer.exe
of index $I30 with parent 0xcb in file 0x3688f.
Deleting index entry wmplayer.exe in index $I30 of file 203.
Unable to locate the file name attribute of index entry inetpp.dll
of index $I30 with parent 0x5b3 in file 0x30fc9.
Deleting index entry inetpp.dll in index $I30 of file 1459.
Unable to locate the file name attribute of index entry taskeng.exe
of index $I30 with parent 0x5b3 in file 0x36e5b.
Deleting index entry taskeng.exe in index $I30 of file 1459.
Unable to locate the file name attribute of index entry taskmgr.exe
of index $I30 with parent 0x5b3 in file 0x200cc.
Deleting index entry taskmgr.exe in index $I30 of file 1459.
Unable to locate the file name attribute of index entry wer.dll
of index $I30 with parent 0x5b3 in file 0x30de1.
Deleting index entry wer.dll in index $I30 of file 1459.
  391012 index entries processed.                                 
 
CHKDSK is recovering lost files.
Recovering orphaned file taskmgr.exe (131276) into directory file 1459.
Recovering orphaned file MSS039CF.log (157781) into directory file 11512.
Recovering orphaned file wer.dll (200161) into directory file 1459.
Recovering orphaned file inetpp.dll (200649) into directory file 1459.
Recovering orphaned file wmplayer.exe (223375) into directory file 203.
  6 unindexed files processed.                               
 
Recovering orphaned file taskeng.exe (224859) into directory file 1459.
  318912 security descriptors processed.                          
 
Cleaning up 197 unused index entries from index $SII of file 0x9.
Cleaning up 197 unused index entries from index $SDH of file 0x9.
Cleaning up 197 unused security descriptors.
  36051 data files processed.                                    
 
CHKDSK is verifying Usn Journal...
  34009176 USN bytes processed.                                     
 
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
 145773809 KB total disk space.
  70600140 KB in 263367 files.
    145892 KB in 36052 indexes.
        60 KB in bad sectors.
    436765 KB in use by the system.
     65536 KB occupied by the log file.
  74590952 KB available on disk.
 
      4096 bytes in each allocation unit.
  36443452 total allocation units on disk.
  18647738 allocation units available on disk.
 
Internal Info:
c0 dd 04 00 a7 91 04 00 af d8 07 00 00 00 00 00  ................
ea 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00  .|..D...........
48 01 2d 00 48 01 2d 00 02 00 00 02 58 7a 2e 00  H.-.H.-.....Xz..
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
 
Checking file system on C:
The type of the file system is NTFS.
 
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
  318912 file records processed.                                  
 
  1524 large file records processed.                            
 
  0 bad file records processed.                              
 
  0 EA records processed.                                    
 
  68 reparse records processed.                               
 
Unable to locate the file name attribute of index entry wmplayer.exe
of index $I30 with parent 0xcb in file 0x3688f.
Deleting index entry wmplayer.exe in index $I30 of file 203.
Unable to locate the file name attribute of index entry inetpp.dll
of index $I30 with parent 0x5b3 in file 0x30fc9.
Deleting index entry inetpp.dll in index $I30 of file 1459.
Unable to locate the file name attribute of index entry taskeng.exe
of index $I30 with parent 0x5b3 in file 0x36e5b.
Deleting index entry taskeng.exe in index $I30 of file 1459.
Unable to locate the file name attribute of index entry taskmgr.exe
of index $I30 with parent 0x5b3 in file 0x200cc.
Deleting index entry taskmgr.exe in index $I30 of file 1459.
Unable to locate the file name attribute of index entry wer.dll
of index $I30 with parent 0x5b3 in file 0x30de1.
Deleting index entry wer.dll in index $I30 of file 1459.
Unable to locate the file name attribute of index entry SECURITY
of index $I30 with parent 0x5c8 in file 0x1a4.
Deleting index entry SECURITY in index $I30 of file 1480.
Unable to locate the file name attribute of index entry MSS.log
of index $I30 with parent 0x2cf8 in file 0x2c56.
Deleting index entry MSS.log in index $I30 of file 11512.
Unable to locate the file name attribute of index entry MSS039E3.log
of index $I30 with parent 0x2cf8 in file 0x10f86.
Deleting index entry MSS039E3.log in index $I30 of file 11512.
Unable to locate the file name attribute of index entry MSS039E4.log
of index $I30 with parent 0x2cf8 in file 0x109e3.
Deleting index entry MSS039E4.log in index $I30 of file 11512.
Index entry MSStmp.log of index $I30 in file 0x2cf8 points to unused file 0x9c6c.
Deleting index entry MSStmp.log in index $I30 of file 11512.
Index entry SystemIndex.Ntfy78.gthr of index $I30 in file 0x3a03 points to unused file 0x9dca.
Deleting index entry SystemIndex.Ntfy78.gthr in index $I30 of file 14851.
Index entry SYSTEM~2.GT~ of index $I30 in file 0x3a03 points to unused file 0x9dca.
Deleting index entry SYSTEM~2.GT~ in index $I30 of file 14851.
The file reference 0x4c000000009715 of index entry tmp.edb of index $I30
with parent 0x8d9e is not the same as 0x49000000009715.
Deleting index entry tmp.edb in index $I30 of file 36254.
  391014 index entries processed.                                 
 
CHKDSK is recovering lost files.
Recovering orphaned file MSS039E5.log (11350) into directory file 11512.
Recovering orphaned file TMP000~2 (38677) into directory file 30146.
Recovering orphaned file TMP00000012E015BD0DB4A6549B (38677) into directory file 30146.
Recovering orphaned file tmp.edb (66676) into directory file 36254.
Recovering orphaned file MSS039E1.log (67333) into directory file 11512.
Recovering orphaned file MSS039DF.log (68067) into directory file 11512.
Recovering orphaned file MSS039E2.log (69321) into directory file 11512.
Recovering orphaned file MSS.log (69510) into directory file 11512.
Recovering orphaned file taskmgr.exe (131276) into directory file 1459.
Recovering orphaned file wer.dll (200161) into directory file 1459.
Recovering orphaned file inetpp.dll (200649) into directory file 1459.
Recovering orphaned file wmplayer.exe (223375) into directory file 203.
  13 unindexed files processed.                               
 
Recovering orphaned file taskeng.exe (224859) into directory file 1459.
  318912 security descriptors processed.                          
 
Cleaning up 8 unused index entries from index $SII of file 0x9.
Cleaning up 8 unused index entries from index $SDH of file 0x9.
Cleaning up 8 unused security descriptors.
  36052 data files processed.                                    
 
CHKDSK is verifying Usn Journal...
The remaining of an USN page at offset 0xa71e9fc78 in file 0x8d70
should be filled with zeros.
The USN Journal entry at offset 0xa71ea0000 and length 0x9c452ba4 crosses
the page boundary.
The USN Journal entry at offset 0xa71ea1000 and length 0xa8b6 crosses
the page boundary.
The USN Journal entry at offset 0xa71ea2000 and length 0x8b01087d crosses
the page boundary.
Repairing Usn Journal file record segment.
  35083048 USN bytes processed.                                     
 
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
 145773809 KB total disk space.
  70573116 KB in 263098 files.
    145836 KB in 36054 indexes.
        60 KB in bad sectors.
    437793 KB in use by the system.
     65536 KB occupied by the log file.
  74617004 KB available on disk.
 
      4096 bytes in each allocation unit.
  36443452 total allocation units on disk.
  18654251 allocation units available on disk.
 
Internal Info:
c0 dd 04 00 9b 90 04 00 b3 d7 07 00 00 00 00 00  ................
ea 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00  .|..D...........
48 01 2f 00 48 01 2f 00 02 00 00 02 58 7a 30 00  H./.H./.....Xz0.
 
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>
Link to post
Share on other sites
ralphyde

ralphyde

Posted
  • Author
Posted

Step 5:

 

Ran 

 

Results:

 

Windows Search Troubleshooter Publisher details
Issues found Fixed
Reset Windows Search
Succeeded
Issues checked Checked
Checked
Issues found Detection details
6
Windows Search does not show any results Fixed
Windows Search does not show any results. Additioanlly, an event ID 7040 is logged in the Windows event log, or Windows Search service is not running.
 
Issues checked Detection details
6
Windows Search is crashing or failing Checked
Windows Search crashes or fails after it has started. Additionally, an event ID 7042, 100, or 1000 is logged in the Windows event log, or the Windows Search service is not running.
 
6
Windows Search does not start and gives an error message Checked
Windows Search does not show any search results and there is an error message on startup. An Event ID 1006 or 3024 is logged in the Windows event log, or Windows Search service is not running.
 
Detection details
Publisher details
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.