Jump to content

IE won't allow anything (incl. Malwarebytes) to download saying it has a virus


Recommended Posts

Hello,

 

A coworker of mine got a virus on his computer and his IE is saying anything he downloads has a virus and was deleted.  I knew something was up when I tried to download firefox and malwarebytes on his computer and it wouldn't let me.  It also prompted ads and videos which slowed his internet down.  When I went to malwarebytes it wouldn't allow me to enter the hijackthis log.  I did an eset scan and here are the results:

 

C:\Users\All Users\5E2B77091982DABF00005E2B18E3E09F\5E2B77091982DABF00005E2B18E3E09F.exe    a variant of Win32/Kryptik.BIBR trojan    
C:\Users\All Users\Microsoft\Windows\DRM\5CC6.tmp    a variant of Win64/Kryptik.FA trojan    
C:\Users\All Users\Microsoft\Windows\DRM\5CC6.tmp.dat    Win32/Olmarik.AYY trojan    
C:\Users\All Users\Microsoft\Windows\DRM\5CE6.tmp    a variant of Win64/Kryptik.FA trojan    
C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application    
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application    
C:\Program Files (x86)\Yontoo\YontooIEClient.dll    a variant of Win32/Adware.Yontoo.A application    cleaned by deleting (after the next restart) - quarantined
C:\ProgramData\5E2B77091982DABF00005E2B18E3E09F\5E2B77091982DABF00005E2B18E3E09F.exe    a variant of Win32/Kryptik.BIBR trojan    cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\5CC6.tmp    a variant of Win64/Kryptik.FA trojan    cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\5CC6.tmp.dat    Win32/Olmarik.AYY trojan    cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\5CE6.tmp    a variant of Win64/Kryptik.FA trojan    cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Strongvault\StrongVaultApp.exe    a variant of MSIL/Adware.StrongVault.A application    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\8BCA.tmp    a variant of Win32/Kryptik.BNEY trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\8E0B.tmp    a variant of Win32/Kryptik.BNEY trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\90F8.tmp    a variant of Win32/Kryptik.BNEY trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\91D4.tmp    a variant of Win32/Kryptik.BNEY trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\9221.tmp    a variant of Win32/Kryptik.BNEY trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\9685.tmp    a variant of Win32/Kryptik.BNEY trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\A3FB.tmp    a variant of Win32/Kryptik.BNCR trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\A66B.tmp    a variant of Win32/Kryptik.BNCR trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\A736.tmp    a variant of Win32/Kryptik.BNCR trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\AA05.tmp    a variant of Win32/Kryptik.BNCR trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\ABD9.tmp    a variant of Win32/Kryptik.BNCR trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\DBD6.exe    Win32/Agent.PQF trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\fix.exe    a variant of Win32/Kryptik.BHLR trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\Java_Update_857ca846.exe    a variant of Win32/Injector.ATMD trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\msimg32.dll    a variant of Win32/Kryptik.BLBD trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\~tmf102779369704409386.tmp    a variant of Win32/Kryptik.BNEY trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\~tmf2163839119212247272.tmp    a variant of Win32/Kryptik.BNEY trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\~tmf3388435809903168329.tmp    a variant of Win32/TrojanProxy.Agent.NSQ trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\~tmf5096122635182808089.tmp    a variant of Win32/TrojanProxy.Agent.NSQ trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\~tmf5858020332921630495.tmp    a variant of Win32/Kryptik.BNCR trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Local\Temp\is202948896\yontoo-c4.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\Sample\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\18d6be0e-6c2c02d3    Java/Exploit.Agent.PQY trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\40842cf-40f795c0    a variant of Win32/Kryptik.BONA trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\1f695dd4-33986dc3    a variant of Win32/Kryptik.BONA trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\64753d59-5a0043d0    Java/Exploit.Agent.PMU trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\469ec160-4dbde8a9    a variant of Win32/Kryptik.BHQF trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\497a8c79-22acc7eb    Java/Exploit.Agent.PTZ trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\192f7d7b-23b31263    Java/Exploit.Agent.PMU trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\8E88.tmp    a variant of Win32/Kryptik.BNEY trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\9175.tmp    a variant of Win32/Kryptik.BNEY trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\928E.tmp    a variant of Win32/Kryptik.BNEY trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\A6D9.tmp    a variant of Win32/Kryptik.BNCR trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\A794.tmp    a variant of Win32/Kryptik.BNCR trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Abxerev\oviswu.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Aruhmizu\uhzafu.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Asmila\uwriepz.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Azydca\ofmyih.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Ekgynyi\ropiyp.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Enzyuhif\aryvam.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Kigauhm\oknamui.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Nuzuebb\cooxly.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Oxlaetib\mavau.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Pubedu\nukaboi.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Qeryokgi\wiasum.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Qogadeu\yxocd.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Sakeroxe\evozci.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Temp\WINE5BE.exe    a variant of Win32/Injector.AOPM trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Tobaoza\ipacl.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Uwirpiy\yrikmyo.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Yfcievha\ywaze.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\AppData\Roaming\Ysxawaef\uwavopg.exe    a variant of Win32/Kryptik.BONX trojan    cleaned by deleting - quarantined
C:\Users\Sample\Downloads\Google_Earth_Setup.exe    a variant of Win32/Adware.iBryte.D application    cleaned by deleting - quarantined
Operating memory    multiple threats    contained infected files
 

60+ viruses...we deleted the viruses but they're still there.  Also to note, I tried to load malwarebytes on his computer from a disk but it wouldn't let me scan.  Any ideas?  Thanks.

Link to post
Share on other sites
  • Replies 99
  • Created
  • Last Reply

Top Posters In This Topic

Hello! Welcome to Malwarebytes Forums! welcome.gif
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Note: If you are not able to download FRST please use a clean pc and transfer the file to the affected computer via USB flash drive.

Note2: It's a good idea to disable the Autorun function on both computers (see here how) and also to immunize the USB flash drive with USBFix (download & run the tool and click on the Vaccination button) before you proceed with file transfer to prevent malware infections from spreading automatically through these devices.

 

 

Regards,

Georgi

Link to post
Share on other sites

Hello,

Sorry for not responding but I won't be at work until Monday morning. When I get in ill install the program on my coworker's computer. I probably won't be able to install it on his computer directly so I'll have to do it from a flash drive. Thanks for responding and ill let you know Monday.

Link to post
Share on other sites

Ok here's the FRST.txt first:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by Sample (administrator) on SAMPLE-PC on 02-06-2014 11:29:25
Running from E:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(PCRx.com, LLC) C:\Program Files (x86)\24x7Help\App24x7Svc.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabarsvc.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29barsvc.exe
() C:\Program Files\IB Updater\ExtensionUpdaterService.exe
() C:\Windows\System32\dmwu.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe
() C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49barsvc.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebarsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
(Exent Technologies Ltd.) C:\Program Files (x86)\FantastiGames\GPlayer.exe
(Stronghold LLC) C:\Program Files (x86)\Strongvault Online Backup\ClientMessenger.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\ib\olycamdetect.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabrmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29brmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57brmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Stronghold Online Backup) C:\Users\Sample\AppData\Local\Strongvault Online Backup\SMessaging.exe
(Crawler, LLC) C:\Program Files (x86)\24x7Help\App24x7Help.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2011-05-21] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1119392 2011-05-21] (Trend Micro Inc.)
HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [Olympus ib] => C:\Program Files (x86)\Olympus\ib\olycamdetect.exe [96128 2012-02-02] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe [223104 2011-08-30] (CyberLink Corp.)
HKLM-x32\...\Run: [TelevisionFanatic Search Scope Monitor] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe [42536 2012-04-10] (MindSpark)
HKLM-x32\...\Run: [TelevisionFanatic Browser Plugin Loader] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe [30096 2012-04-10] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [FilmFanatic Search Scope Monitor] => C:\Program Files (x86)\FilmFanatic\bar\1.bin\paSrchMn.exe [42536 2012-07-02] (MindSpark)
HKLM-x32\...\Run: [FilmFanatic Browser Plugin Loader] => C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabrmon.exe [30096 2012-07-02] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [HeadlineAlley Search Scope Monitor] => C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29SrchMn.exe [42536 2012-07-03] (MindSpark)
HKLM-x32\...\Run: [HeadlineAlley_29 Browser Plugin Loader] => C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29brmon.exe [30096 2012-07-03] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [Marine Aquarium Lite Search Scope Monitor] => C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57SrchMn.exe [42536 2012-07-09] (MindSpark)
HKLM-x32\...\Run: [MarineAquarium3Free_57 Browser Plugin Loader] => C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57brmon.exe [30096 2012-07-09] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [utility Chest Search Scope Monitor] => C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrchMn.exe [42536 2012-08-15] (MindSpark)
HKLM-x32\...\Run: [utilityChest_49 Browser Plugin Loader] => C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe [30096 2012-08-15] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [VideoScavenger Search Scope Monitor] => C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrchMn.exe [42536 2012-08-28] (MindSpark)
HKLM-x32\...\Run: [VideoScavenger_1e Browser Plugin Loader] => C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe [30096 2012-08-28] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [MapsGalaxy Search Scope Monitor] => C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [42536 2012-09-04] (MindSpark)
HKLM-x32\...\Run: [MapsGalaxy_39 Browser Plugin Loader] => C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe [30096 2012-09-04] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [24x7HELP] => C:\Program Files (x86)\24x7Help\App24x7Help.exe [1773648 2013-03-12] (Crawler, LLC)
HKLM-x32\...\Run: [sMessaging] => C:\Users\Sample\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1483912 2013-02-15] (APN)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4932056 2012-11-28] (Exent Technologies Ltd.)
HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4932056 2012-11-28] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4932056 2012-11-28] (Exent Technologies Ltd.)
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [ddodated] => rundll32 "C:\ProgramData\convures64.dll",CreateProcessNotify
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4932056 2012-11-28] (Exent Technologies Ltd.)
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [Messenger] => C:\Program Files (x86)\Strongvault Online Backup\ClientMessenger.exe [209192 2013-01-15] (Stronghold LLC)
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [backgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Sample\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\MountPoints2: {b43858aa-ad29-11e2-99df-d067e5281020} - G:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll [1528760 2012-07-25] (Bandoo Media, inc)
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll" File Not Found
AppInit_DLLs-x32:  C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll => C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll [1185208 2012-07-25] (Bandoo Media, inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
ShortcutTarget: StrongVaultApp.exe.lnk -> C:\Users\Sample\AppData\Local\Strongvault\StrongVaultApp.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=APN10484&gct=hp&apn_ptnrs=^ALL&apn_dtid=^YYYYYY^YY^US&p2=^ALL^YYYYYY^YY^US&tpid=FAS-V6&apn_dbr=ie_9.0.8112.16464
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
URLSearchHook: HKLM-x32 - Produtools Manuals 2.1 Toolbar - {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Users\Sample\AppData\LocalLow\Produtools_Manuals_2.1\prxtbPro1.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
URLSearchHook: HKCU - (No Name) - {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark)
URLSearchHook: HKCU - (No Name) - {327f75ed-061b-4339-8cc6-5dd45ad1396d} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll (MindSpark)
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)
URLSearchHook: HKCU - (No Name) - {57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrcAs.dll (MindSpark)
URLSearchHook: HKCU - (No Name) - {08f9937e-0a4f-48cf-94e7-827223daec1d} - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29SrcAs.dll (MindSpark)
URLSearchHook: HKCU - (No Name) - {796b75f6-6187-47e2-8f1f-c16e059e6e19} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll (MindSpark)
URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm003^S00828^us&si=CJKU-Kvzqq8CFe4DQAod8g0fXQ&ptb=33AC2DCF-365E-427A-8888-A6AC13490592&psa=&ind=2012041014&st=sb&n=77ed4f36&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {68FED835-C52D-4A2A-B925-C8A1916C4F67} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3209604
SearchScopes: HKCU - {14511195-910F-4B23-956D-510AF2A2CF5B} URL = http://asksearch.ask.com/redirect?client=ie&src=kw&tb=FAS-V6&itbv=11.7.1.1160&o=APN10484&locale=en_US&apn_uid=0D3A4198-925C-4963-8648-F4D0B1192BF7&apn_ptnrs=^ALL&apn_dtid=^YYYYYY^YY^US&apn_dbr=ie_9.0.8112.16464&doi=2013-03-06&q={searchTerms}&
SearchScopes: HKCU - {23785786-4742-4B30-832F-0DEA254DE9C4} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {68FED835-C52D-4A2A-B925-C8A1916C4F67} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3209604
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm003^S00828^us&si=CJKU-Kvzqq8CFe4DQAod8g0fXQ&ptb=33AC2DCF-365E-427A-8888-A6AC13490592&psa=&ind=2012041014&st=sb&n=77ed4f36&searchfor={searchTerms}
SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = http://www.amazon.com/websearch/ref=bit_bds-p13_serp_ie_us_display?ie=UTF8&tagbase=bds-p13&tbrId=v1_abb-channel-13_5ebbf1825f4d4bb09fb70ead6a7fd7ec_30_39_20130214_US_ie_ds_&query={searchTerms}
SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = http://www.ask.com/web?l=dis&o=APN10022&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A4D&apn_uid=4661514065704645&p2=^A4D^YYYYYY^YY^US&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8NVOw50v&i=26
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKCU - {EFD0B20D-0D6E-4C25-9733-D2174B9288B8} URL = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
BHO: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
BHO-x32: Search Assistant BHO - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark)
BHO-x32: Toolbar BHO - {074d3229-0a22-491b-b9dd-ff3171d75f25} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57bar.dll (MindSpark)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Search Assistant BHO - {0eeaa2c3-0cd7-4364-b82e-f9257081c860} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll (MindSpark)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
BHO-x32: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
BHO-x32: Search Results Toolbar - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll (Ask.com)
BHO-x32: Toolbar BHO - {433ae6bf-a1fd-4a51-858e-6c26c7cd64db} - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29bar.dll (MindSpark)
BHO-x32: Ask Toolbar - {4641532D-5636-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\FAS-V6\Passport.dll (APN LLC.)
BHO-x32: Toolbar BHO - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
BHO-x32: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
BHO-x32: Toolbar BHO - {631acb68-57c3-48af-9cc5-fcec0837ffd3} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabar.dll (MindSpark)
BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
BHO-x32: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)
BHO-x32: PlayFizz Platinum Content Add-on - {757FAD76-20D9-4973-BD64-9208ED0A0624} - C:\Users\Sample\AppData\Local\FizzPlatinum\FizzPlatinumBHO.dll (PlayFizz)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: Search Assistant BHO - {9c8de6c1-88f6-4515-9e81-6a280bb35349} - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29SrcAs.dll (MindSpark)
BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL No File
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: ArcadeCandy Games - {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Sample\AppData\Local\ArcadeCandy\candyEX.dll (ArcadeCandy LLC)
BHO-x32: Produtools Manuals 2.1 Toolbar - {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Users\Sample\AppData\LocalLow\Produtools_Manuals_2.1\prxtbPro1.dll (ClientConnect Ltd.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Dogpile Bundle Toolbar BHO - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
BHO-x32: Toolbar BHO - {c6549209-1ff1-4a5c-a815-981f64f34b19} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebar.dll (MindSpark)
BHO-x32: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
BHO-x32: Search Assistant BHO - {d047fe10-dfe2-45cf-9fbf-966b9e64920f} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrcAs.dll (MindSpark)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Search Assistant BHO - {d5e9b421-c309-41de-9014-800a2adcdeb0} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll (MindSpark)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
Toolbar: HKLM-x32 - Produtools Manuals 2.1 Toolbar - {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Users\Sample\AppData\LocalLow\Produtools_Manuals_2.1\prxtbPro1.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - FilmFanatic - {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabar.dll (MindSpark)
Toolbar: HKLM-x32 - HeadlineAlley - {8f61e414-ea79-4559-8bb6-61d956f70306} - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29bar.dll (MindSpark)
Toolbar: HKLM-x32 - Marine Aquarium Lite - {07189b84-b33b-4a1e-9b32-ad203c983c20} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57bar.dll (MindSpark)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM-x32 - Utility Chest - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - VideoScavenger - {acf7da4c-eeb2-484a-a3a1-303d4054d50c} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebar.dll (MindSpark)
Toolbar: HKLM-x32 - MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
Toolbar: HKLM-x32 - Search Results Toolbar - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll (Ask.com)
Toolbar: HKLM-x32 - Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM-x32 - Ask Toolbar - {4641532D-5636-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\FAS-V6\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} -  No File
Toolbar: HKCU - No Name - {C98D5B61-B0EA-4D48-9839-1079D352D880} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @ei.FestiveBar_3g.com/Plugin - C:\Program Files (x86)\FestiveBar_3gEI\Installr\1.bin\NP3gEISB.dll (FestiveBar)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @FilmFanatic.com/Plugin - C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll (MindSpark)
FF Plugin-x32: @HeadlineAlley_29.com/Plugin - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\NP29Stub.dll (MindSpark)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @MapsGalaxy_39.com/Plugin - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
FF Plugin-x32: @MarineAquarium3Free_57.com/Plugin - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll (MindSpark)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @UtilityChest_49.com/Plugin - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll (MindSpark)
FF Plugin-x32: @VideoScavenger_1e.com/Plugin - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\NP1eStub.dll (MindSpark)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget - C:\Program Files (x86)\FantastiGames\NPGameTreatPlugin.dll No File
FF Plugin HKCU: www.exent.com/GameTreatWidget - C:\Program Files (x86)\FantastiGames\npGameTreatWidget.dll (Exent Technologies Ltd.)
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-11]
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\ []
FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF Extension: TelevisionFanatic - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2012-04-10]
FF HKLM-x32\...\Firefox\Extensions: [paffxtbr@FilmFanatic.com] - C:\Program Files (x86)\FilmFanatic\bar\1.bin
FF Extension: FilmFanatic - C:\Program Files (x86)\FilmFanatic\bar\1.bin [2012-07-02]
FF HKLM-x32\...\Firefox\Extensions: [29ffxtbr@HeadlineAlley_29.com] - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin
FF Extension: HeadlineAlley - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin [2012-07-03]
FF HKLM-x32\...\Firefox\Extensions: [57ffxtbr@MarineAquarium3Free_57.com] - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin
FF Extension: Marine Aquarium Lite - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin [2012-07-09]
FF HKLM-x32\...\Firefox\Extensions: [49ffxtbr@UtilityChest_49.com] - C:\Program Files (x86)\UtilityChest_49\bar\1.bin
FF Extension: Utility Chest - C:\Program Files (x86)\UtilityChest_49\bar\1.bin [2012-08-15]
FF HKLM-x32\...\Firefox\Extensions: [1effxtbr@VideoScavenger_1e.com] - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin
FF Extension: VideoScavenger - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin [2012-08-28]
FF HKLM-x32\...\Firefox\Extensions: [39ffxtbr@MapsGalaxy_39.com] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin
FF Extension: MapsGalaxy - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin [2012-09-04]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-11]
FF HKCU\...\Firefox\Extensions: [games@acandy.com] - C:\Users\Sample\AppData\Local\ArcadeCandy\games@acandy.com
FF Extension: ArcadeCandy - C:\Users\Sample\AppData\Local\ArcadeCandy\games@acandy.com [2013-07-09]
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF Extension: No Name - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013-02-08]
FF HKCU\...\Firefox\Extensions: [{6013E7AC-CCA6-4207-90E0-97EDA12F2359}] - C:\Users\Sample\AppData\Local\FizzPlatinum\{6013E7AC-CCA6-4207-90E0-97EDA12F2359}\
FF Extension: PlayFizz Platinum Content Add-on - C:\Users\Sample\AppData\Local\FizzPlatinum\{6013E7AC-CCA6-4207-90E0-97EDA12F2359}\ []

==================== Services (Whitelisted) =================

R2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [342168 2012-11-30] (PCRx.com, LLC)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [169096 2013-02-15] (APN LLC.)
R2 FilmFanaticService; C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabarsvc.exe [42504 2012-07-02] (COMPANYVERS_NAME)
R2 HeadlineAlley_29Service; C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29barsvc.exe [42504 2012-07-03] (COMPANYVERS_NAME)
R2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2013-01-29] ()
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()
R2 MapsGalaxy_39Service; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe [42504 2012-09-04] (COMPANYVERS_NAME)
R2 MarineAquarium3Free_57Service; C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe [42504 2012-07-09] (COMPANYVERS_NAME)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 TelevisionFanaticService; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe [42504 2012-04-10] (COMPANYVERS_NAME)
R2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2012-05-22] ()
R2 UtilityChest_49Service; C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49barsvc.exe [42504 2012-08-15] (COMPANYVERS_NAME)
R2 VideoScavenger_1eService; C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebarsvc.exe [42504 2012-08-28] (COMPANYVERS_NAME)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-01-09] (Wajam)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{8a768225-5e1d-ab58-6104-6a1e73a35887}\   \...\???\{8a768225-5e1d-ab58-6104-6a1e73a35887}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)
R2 X5XSEx_Pr143; C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S2 X5XSEx; \??\C:\Program Files (x86)\FantastiGames\X5XSEx.Sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 11:29 - 2014-06-02 11:29 - 00000000 ____D () C:\FRST
2014-05-28 16:08 - 2014-05-28 16:09 - 00000000 ____D () C:\Users\Sample\Desktop\Removable Disk
2014-05-28 15:21 - 2014-05-28 15:21 - 00008472 _____ () C:\Users\Sample\Documents\eset scan results.txt
2014-05-28 14:22 - 2014-05-28 14:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-27 07:44 - 2014-05-27 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-27 07:44 - 2014-05-27 07:44 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-22 08:12 - 2014-05-27 13:52 - 00013660 _____ () C:\Users\Sample\Documents\Internal Audit Schedule (2)1.xlsx
2014-05-15 07:53 - 2014-05-15 07:53 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Oracle
2014-05-15 07:49 - 2014-05-15 07:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-15 07:48 - 2014-05-15 07:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-15 07:48 - 2014-05-15 07:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-15 07:48 - 2014-05-15 07:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-15 07:48 - 2014-05-15 07:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-15 07:48 - 2014-05-15 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-15 07:48 - 2014-05-15 07:48 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-05-15 07:48 - 2014-05-15 07:48 - 00000000 ____D () C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

2014-06-02 11:29 - 2014-06-02 11:29 - 00000000 ____D () C:\FRST
2014-06-02 11:29 - 2012-02-03 10:31 - 00000000 ____D () C:\Users\Sample\AppData\Local\Temp
2014-06-02 11:24 - 2009-07-14 00:13 - 00794278 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 11:23 - 2012-04-12 09:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-02 11:15 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 11:15 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 10:47 - 2012-04-05 15:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 10:20 - 2013-02-14 08:27 - 00000000 ____D () C:\Users\Sample\AppData\Local\Strongvault Online Backup
2014-06-02 10:09 - 2013-03-06 13:33 - 00000266 _____ () C:\Windows\Tasks\PlayFizz.job
2014-06-02 09:22 - 2012-09-14 14:34 - 00000274 _____ () C:\Windows\Tasks\CandyUpdater.job
2014-06-02 08:30 - 2012-02-03 10:34 - 00000000 ____D () C:\ProgramData\Kodak
2014-06-02 08:20 - 2012-04-02 15:23 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{227FD765-263C-480D-80E1-CD61222B9105}
2014-05-30 07:47 - 2012-04-05 15:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-30 07:41 - 2012-01-06 11:21 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-05-30 07:41 - 2012-01-06 11:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-05-30 07:41 - 2012-01-06 10:57 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-05-30 07:41 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 07:41 - 2009-07-13 23:51 - 00070642 _____ () C:\Windows\setupact.log
2014-05-28 16:09 - 2014-05-28 16:08 - 00000000 ____D () C:\Users\Sample\Desktop\Removable Disk
2014-05-28 15:21 - 2014-05-28 15:21 - 00008472 _____ () C:\Users\Sample\Documents\eset scan results.txt
2014-05-28 15:17 - 2013-11-08 15:14 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Ysxawaef
2014-05-28 15:17 - 2013-11-08 14:54 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Yfcievha
2014-05-28 15:16 - 2013-11-08 15:43 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Sakeroxe
2014-05-28 15:16 - 2013-11-08 15:39 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Azydca
2014-05-28 15:16 - 2013-11-08 15:38 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Qogadeu
2014-05-28 15:16 - 2013-11-08 15:26 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Pubedu
2014-05-28 15:16 - 2013-11-08 15:24 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Kigauhm
2014-05-28 15:16 - 2013-11-08 15:22 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Asmila
2014-05-28 15:16 - 2013-11-08 15:18 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Qeryokgi
2014-05-28 15:16 - 2013-11-08 15:09 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Uwirpiy
2014-05-28 15:16 - 2013-11-08 15:08 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Aruhmizu
2014-05-28 15:16 - 2013-11-08 15:07 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Tobaoza
2014-05-28 15:16 - 2013-11-08 14:58 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Enzyuhif
2014-05-28 15:16 - 2013-11-08 14:53 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Abxerev
2014-05-28 15:16 - 2013-11-08 14:49 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Oxlaetib
2014-05-28 15:16 - 2013-11-08 14:49 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Nuzuebb
2014-05-28 15:16 - 2013-11-08 14:48 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Ekgynyi
2014-05-28 15:16 - 2012-02-06 11:25 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Temp
2014-05-28 15:14 - 2013-02-14 08:27 - 00000000 ____D () C:\Users\Sample\AppData\Local\Strongvault
2014-05-28 15:13 - 2013-02-14 08:27 - 00000000 ____D () C:\Program Files (x86)\Yontoo
2014-05-28 14:22 - 2014-05-28 14:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-27 14:05 - 2013-09-23 08:22 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
2014-05-27 13:52 - 2014-05-22 08:12 - 00013660 _____ () C:\Users\Sample\Documents\Internal Audit Schedule (2)1.xlsx
2014-05-27 13:51 - 2013-07-02 13:06 - 00030208 _____ () C:\Users\Sample\Documents\NCRLOG.xls
2014-05-27 07:44 - 2014-05-27 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-27 07:44 - 2014-05-27 07:44 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-27 07:44 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 13:58 - 2012-02-03 10:33 - 00000000 ____D () C:\Users\Sample\AppData\Local\VirtualStore
2014-05-15 07:53 - 2014-05-15 07:53 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Oracle
2014-05-15 07:49 - 2014-05-15 07:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-15 07:48 - 2014-05-15 07:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-15 07:48 - 2014-05-15 07:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-15 07:48 - 2014-05-15 07:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-15 07:48 - 2014-05-15 07:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-15 07:48 - 2014-05-15 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-15 07:48 - 2014-05-15 07:48 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-05-15 07:48 - 2014-05-15 07:48 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-14 10:26 - 2012-04-12 09:23 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 10:26 - 2012-04-12 09:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 10:26 - 2012-01-06 10:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-08 08:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-08 07:42 - 2012-04-05 15:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 07:42 - 2012-04-05 15:24 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 09:32 - 2013-07-25 07:27 - 00034816 _____ () C:\Users\Sample\Downloads\Internal Audit Schedule (2).xls
ZeroAccess:
C:\Users\Sample\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.6188.dll


Some content of TEMP:
====================
C:\Users\Sample\AppData\Local\Temp\1c6yhu8k.dll
C:\Users\Sample\AppData\Local\Temp\1icmkyw1.dll
C:\Users\Sample\AppData\Local\Temp\APNSetup.exe
C:\Users\Sample\AppData\Local\Temp\aro.exe
C:\Users\Sample\AppData\Local\Temp\atstpip.exe
C:\Users\Sample\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Sample\AppData\Local\Temp\installhelper.dll
C:\Users\Sample\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Sample\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Sample\AppData\Local\Temp\MSNE698.exe
C:\Users\Sample\AppData\Local\Temp\mssinstaller.exe
C:\Users\Sample\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\Sample\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Sample\AppData\Local\Temp\TB_AF22.exe
C:\Users\Sample\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Sample\AppData\Local\Temp\wajam_install.exe
C:\Users\Sample\AppData\Local\Temp\wcdinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2014-05-29 09:02

==================== End Of Log ============================

 

 

The Addition.txt file is attached below.  I work Monday-Friday until 5pm CT in America so i'll be able to work on the computer sometime during this time frame.

Link to post
Share on other sites

Lol my appologies I thought I did. Here you go:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by Sample at 2014-06-02 11:30:22
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Titanium Internet Security (Disabled - Out of date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium Internet Security (Disabled - Out of date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

24x7 Help (HKLM-x32\...\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1) (Version: 2.1.0.22 - Crawler, LLC)
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden
Amazon Browser Bar (HKLM-x32\...\Amazon Browser Bar) (Version: 3.0 - Amazon.com, Inc.)
Antique Shop (HKLM-x32\...\exent_645050) (Version:  - )
ArcadeCandy (HKCU\...\{6A2EF989-A524-48bf-985F-9D076B334980}) (Version: ac 1.24.366 - ArcadeCandy LLC)
Ask Toolbar (HKLM-x32\...\{4641532D-5636-006A-76A7-A758B70B0701}) (Version: 11.7.1.1160 - Ask Partner Network) <==== ATTENTION
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Birds on a Wire (HKLM-x32\...\exent_451050) (Version:  - )
bSaving (HKLM-x32\...\bSaving) (Version: 1 - bSaving)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Cabos (HKLM-x32\...\{D27928E5-C1A2-47B1-9834-6191D3AC34CE}) (Version: 0.8.2 - heavy_baby)
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2433A103-9EC3-49EA-9AD1-58A35F27EE56}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dogpile Bundle Toolbar (HKLM-x32\...\Dogpile Bundle Toolbar) (Version: 1.514 - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
FilmFanatic Toolbar (HKLM-x32\...\FilmFanaticbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Free Ride Games Player (HKLM-x32\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - Exent Technologies Ltd)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4413.1752 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Graboid Video 3.11 (HKLM-x32\...\Graboid Video) (Version: 3.11 - Graboid Inc.)
HeadlineAlley Toolbar (HKLM-x32\...\HeadlineAlley_29bar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
IB Updater 2.0.0.575 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.575 - IncrediBar) <==== ATTENTION
IB Updater Service (HKLM-x32\...\WNLT) (Version: 3.0.4.6 - ) <==== ATTENTION
iLivid (HKLM-x32\...\iLivid) (Version: 1.92 - Bandoo Media Inc) <==== ATTENTION
Incredibar Toolbar  on IE (HKLM-x32\...\incredibar) (Version:  - ) <==== ATTENTION
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.3.4.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.3.8.20 - Eastman Kodak Company)
LUXOR - 5th Passage (HKLM-x32\...\exent_710650) (Version:  - )
MapsGalaxy Toolbar (HKLM-x32\...\MapsGalaxy_39bar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Marine Aquarium Lite Toolbar (HKLM-x32\...\MarineAquarium3Free_57bar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6308.28 - PC-Doctor, Inc.)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OLYMPUS Digital Camera Updater (HKLM-x32\...\{A68C62E8-B243-4777-89BB-12173DFA1D45}) (Version: 1.0.1 - OLYMPUS IMAGING CORP.)
Olympus ib (HKLM-x32\...\InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}) (Version: 1.3.2207 - OLYMPUS IMAGING CORP.)
Olympus ib (x32 Version: 1.3.2207 - OLYMPUS IMAGING CORP.) Hidden
OLYMPUS Viewer 2 (HKLM-x32\...\{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}) (Version: 1.1.1 - OLYMPUS IMAGING CORP.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayFizz (HKCU\...\{AA01668E-5FA3-4B8D-9AB4-0D3480513000}) (Version: 1.0 - PlayFizz)
PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden
Produtools Manuals 2.1 Toolbar (HKLM-x32\...\Produtools_Manuals_2.1 Toolbar) (Version: 6.8.9.0 - Produtools Manuals 2.1)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Rhinoceros 4.0 SR6 (HKLM-x32\...\{6B9DD988-5ECB-4623-BBFF-8A8F2DA3ED16}) (Version: 4.0.40709 - Robert McNeel & Associates)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Search Results Toolbar (HKLM-x32\...\toolbar2) (Version: 1.0.0.12 - )
Searchqu Toolbar (HKLM-x32\...\Searchqu Toolbar) (Version: 4.1.0.2998 - Bandoo Media Inc) <==== ATTENTION
SereneScreen Marine Aquarium Lite (HKLM-x32\...\SereneScreen Marine Aquarium Lite_is1) (Version: 3.0 - Prolific Publishing, Inc.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Strongvault Online Backup (HKLM-x32\...\{692EF506-1E15-4473-A829-ED951D6C49DB}) (Version: 2.0.0 - Strongvault)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12541 - TeamViewer)
TelevisionFanatic Toolbar (HKLM-x32\...\TelevisionFanaticbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.1 - Trend Micro Inc.)
Trend Micro Titanium Internet Security (Version: 3.00 - Trend Micro Inc.) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{97C39B81-3054-4AB4-B11D-A656DE619982}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{150A0FF0-AF69-4132-BD93-1E34F63FC8A3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{24BD08F8-FF6E-4DD8-BE49-3659AE78A819}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Utility Chest Toolbar (HKLM-x32\...\UtilityChest_49bar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Video Converter (HKCU\...\Video Converter) (Version:  - )
VideoScavenger Toolbar (HKLM-x32\...\VideoScavenger_1ebar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Wajam (HKLM-x32\...\Wajam) (Version: 1.53 - Wajam) <==== ATTENTION
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Yontoo 1.10.03 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.03 - Yontoo LLC) <==== ATTENTION

==================== Restore Points  =========================

09-04-2014 13:37:37 Scheduled Checkpoint
17-04-2014 15:01:47 Scheduled Checkpoint
25-04-2014 14:30:57 Scheduled Checkpoint
05-05-2014 16:50:23 Scheduled Checkpoint
13-05-2014 19:36:04 Scheduled Checkpoint
15-05-2014 12:47:30 Removed Java 6 Update 34
15-05-2014 12:48:03 Installed Java 7 Update 55
22-05-2014 16:21:14 Scheduled Checkpoint
30-05-2014 13:25:47 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1F203423-4DD1-47D0-BE6D-FF4D1C8572D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {260A96DA-D720-4A59-97C8-AC62784F3260} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-05-04] () <==== ATTENTION
Task: {4A4A7ED1-B62A-472E-8135-FB44FB7DBF77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-05] (Google Inc.)
Task: {53101298-9B51-4264-8746-A8A664EA8BD2} - System32\Tasks\PlayFizz => C:\Users\Sample\AppData\Local\FizzPlatinum\Updater.exe [2013-02-15] ()
Task: {65775FDD-3E21-43AF-9207-72B0B5F681AD} - System32\Tasks\CandyUpdater => C:\Users\Sample\AppData\Local\ArcadeCandy\candyUpdater.exe [2013-09-26] ()
Task: {801972BA-0CA3-4971-94D7-D3007BC09680} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-05] (Google Inc.)
Task: {B0101EAA-3149-44DC-85BF-C750923FA248} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {E7572864-D131-4A26-8E2C-C56B6DBFB198} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {EF70A479-8F6C-4293-B5B3-34654C045E38} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CandyUpdater.job => C:\Users\Sample\AppData\Local\ArcadeCandy\candyUpdater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PlayFizz.job => C:\Users\Sample\AppData\Local\FizzPlatinum\Updater.exe
Task: C:\Windows\Tasks\Security Center Update - 2854487534.job => C:\Users\Sample\AppData\Roaming\Koaqolq\ablyzo.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3393306516.job => C:\Users\Sample\AppData\Roaming\Udceyvwa\yryqwu.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 4232005664.job => C:\Users\Sample\AppData\Roaming\Exynuz\ruwya.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 775831282.job => C:\Users\Sample\AppData\Roaming\Zepayv\igreen.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-11-20 22:24 - 2010-11-20 22:24 - 00326144 _____ () C:\Windows\system32\mswsock.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 00326144 _____ () C:\Windows\system32\MSWSOCK.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 00326144 _____ () C:\Windows\System32\mswsock.dll
2012-01-06 11:18 - 2011-05-21 03:01 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2012-01-06 11:18 - 2011-05-21 03:01 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2012-01-06 11:18 - 2011-05-21 03:01 - 00731136 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2012-01-06 12:25 - 2011-05-21 02:45 - 00288864 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2012-12-11 12:03 - 2013-01-29 14:29 - 00188760 _____ () C:\Program Files\IB Updater\ExtensionUpdaterService.exe
2012-12-11 12:02 - 2013-04-07 03:54 - 01455408 _____ () C:\Windows\system32\dmwu.exe
2012-05-22 11:21 - 2012-05-22 11:21 - 00222368 _____ () C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
2012-01-06 10:58 - 2011-09-22 11:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-01-06 12:07 - 2011-01-27 10:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-07 03:55 - 2013-04-07 03:55 - 00015152 _____ () C:\Windows\SysWOW64\jmdp\stij.exe
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2013-04-07 03:54 - 2013-04-07 03:54 - 00306176 _____ () C:\Windows\SysWOW64\jmdp\lmrn.dll
2013-02-05 02:25 - 2013-02-05 02:25 - 00362029 _____ () C:\Windows\SysWOW64\jmdp\sqlite3.dll
2013-01-15 19:14 - 2013-01-15 19:14 - 00009216 _____ () C:\Program Files (x86)\Strongvault Online Backup\Infrastructure.Metadata.dll
2013-01-15 19:14 - 2013-01-15 19:14 - 00006144 _____ () C:\Program Files (x86)\Strongvault Online Backup\Infrastructure.Helpers.dll
2013-01-15 19:14 - 2013-01-15 19:14 - 00009728 _____ () C:\Program Files (x86)\Strongvault Online Backup\Environment.Identification.dll
2013-01-15 19:14 - 2013-01-15 19:14 - 00006656 _____ () C:\Program Files (x86)\Strongvault Online Backup\Infrastructure.Metrics.dll
2013-01-15 19:14 - 2013-01-15 19:14 - 00017920 _____ () C:\Program Files (x86)\Strongvault Online Backup\Metrics.Dispatching.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-01-31 19:19 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-11-12 11:04 - 2013-11-12 11:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-03-18 10:47 - 2013-01-29 14:29 - 00170840 _____ () C:\Program Files\IB Updater\Extension32.dll
2012-07-09 15:07 - 2012-07-09 15:07 - 00124072 _____ () C:\Users\Sample\AppData\Local\ArcadeCandy\candyEXPE.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: X5XSEx
Description: X5XSEx
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2014 08:22:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16686, time stamp: 0x5205a143
Exception code: 0xc0000005
Fault offset: 0x00279711
Faulting process id: 0x2310
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (05/30/2014 08:19:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/30/2014 07:58:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16686, time stamp: 0x5205a143
Exception code: 0xc0000005
Fault offset: 0x00279711
Faulting process id: 0x1b7c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (05/30/2014 07:42:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2014 11:33:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/29/2014 11:05:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16686, time stamp: 0x5205a143
Exception code: 0xc0000005
Fault offset: 0x00279711
Faulting process id: 0x30e0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (05/28/2014 04:29:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16686, time stamp: 0x5205a143
Exception code: 0xc0000005
Fault offset: 0x00279711
Faulting process id: 0x2268
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (05/28/2014 04:10:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x36d4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (05/28/2014 04:07:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x3550
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (05/28/2014 04:05:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1ec8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3


System errors:
=============
Error: (05/30/2014 07:42:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (05/30/2014 07:41:45 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (05/30/2014 07:41:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (05/30/2014 07:41:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx service failed to start due to the following error:
%%2

Error: (05/30/2014 07:41:06 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (05/28/2014 01:40:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (05/28/2014 01:39:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (05/28/2014 01:38:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (05/28/2014 01:38:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx service failed to start due to the following error:
%%2

Error: (05/28/2014 01:38:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (06/02/2014 08:22:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.166865205a143c000000500279711231001cf7e657d9c3ea3C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dllf16d7b8f-ea58-11e3-a080-d067e5281020

Error: (05/30/2014 08:19:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/30/2014 07:58:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.166865205a143c0000005002797111b7c01cf7c062385be97C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll1fc3a3c5-e7fa-11e3-a080-d067e5281020

Error: (05/30/2014 07:42:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2014 11:33:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/29/2014 11:05:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.166865205a143c00000050027971130e001cf7b578dfe9f6aC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll13a90391-e74b-11e3-8d12-d067e5281020

Error: (05/28/2014 04:29:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.166865205a143c000000500279711226801cf7abaf2efe17eC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll2ddacc79-e6af-11e3-8d12-d067e5281020

Error: (05/28/2014 04:10:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd36d401cf7ab936bdcfb1C:\Users\Sample\Desktop\Removable Disk\Malwarebytes Anti-Malware\mbam.exeC:\Users\Sample\Desktop\Removable Disk\Malwarebytes Anti-Malware\MSVCR100.dll760628a1-e6ac-11e3-8d12-d067e5281020

Error: (05/28/2014 04:07:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd355001cf7ab8e336780aE:\Malwarebytes Anti-Malware\mbam.exeE:\Malwarebytes Anti-Malware\MSVCR100.dll225fdf16-e6ac-11e3-8d12-d067e5281020

Error: (05/28/2014 04:05:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1ec801cf7ab89278637bE:\Malwarebytes Anti-Malware\mbam.exeE:\Malwarebytes Anti-Malware\MSVCR100.dlld18ebf85-e6ab-11e3-8d12-d067e5281020


==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 4008.63 MB
Available physical RAM: 1236.5 MB
Total Pagefile: 8015.44 MB
Available Pagefile: 4509.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.57 GB) (Free:390.93 GB) NTFS
Drive e: () (Removable) (Total:1.87 GB) (Free:1.18 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 7859923F)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 30AF6998)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

 

Wow...badly affected.  He's on the same network with the rest of us so should the rest of us on separate computers be concerned?

Link to post
Share on other sites

Hello,

 

 

IMPORTANT NOTE: One or more of the identified infections is related to the rootkit ZeroAccess. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used be the attacker for malicious purposes. Rootkits are used be Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bepasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is send back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:

 

 

 

STEP 1

 

 

Next click on Start > type in appwiz.cpl in the search box and press Enter

From the list ununstall the applications below:

 

24x7 Help
Amazon Browser Bar
ArcadeCandy
Ask Toolbar
Ask Toolbar Updater
bSaving
Dogpile Bundle Toolbar
FilmFanatic Toolbar
Free Ride Games Player
HeadlineAlley Toolbar
IB Updater 2.0.0.575
IB Updater Service
iLivid
Incredibar Toolbar  on IE
MapsGalaxy Toolbar
Marine Aquarium Lite Toolbar
PlayFizz
Search Results Toolbar
Searchqu Toolbar
SereneScreen Marine Aquarium Lite
Strongvault Online Backup
TelevisionFanatic Toolbar
Utility Chest Toolbar
VideoScavenger Toolbar
Wajam
Yahoo! Toolbar
Yontoo 1.10.03

 

 

 

STEP 2

 

 

Next please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Wow...badly affected.  He's on the same network with the rest of us so should the rest of us on separate computers be concerned?

 

I guess so...

 

 

Regards,

Georgi

Link to post
Share on other sites

Bad news about the rest of our stuff being compromised... Hopefully it hasn't reached that point.  Whether it has or hasn't what can we do as a preliminary option? 

 

Here's the log results:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Sample at 2014-06-03 16:26:12 Run:1
Running from E:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(PCRx.com, LLC) C:\Program Files (x86)\24x7Help\App24x7Svc.exe
(Crawler, LLC) C:\Program Files (x86)\24x7Help\App24x7Help.exe
C:\Program Files (x86)\24x7Help
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\AskPartnerNetwork
(COMPANYVERS_NAME) C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabarsvc.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabrmon.exe
C:\Program Files (x86)\FilmFanatic
(COMPANYVERS_NAME) C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29barsvc.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29brmon.exe
C:\Program Files (x86)\HeadlineAlley_29
() C:\Program Files\IB Updater\ExtensionUpdaterService.exe
C:\Program Files\IB Updater
() C:\Windows\System32\dmwu.exe
C:\Windows\System32\dmwu.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
C:\Program Files (x86)\MapsGalaxy_39
(COMPANYVERS_NAME) C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57brmon.exe
C:\Program Files (x86)\MarineAquarium3Free_57
(COMPANYVERS_NAME) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe
C:\Program Files (x86)\TelevisionFanatic
() C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
C:\Program Files (x86)\Amazon Browser Bar
(COMPANYVERS_NAME) C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49barsvc.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe
C:\Program Files (x86)\UtilityChest_49
(COMPANYVERS_NAME) C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebarsvc.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe
C:\Program Files (x86)\VideoScavenger_1e
() C:\Windows\SysWOW64\jmdp\stij.exe
C:\Windows\SysWOW64\jmdp
(Exent Technologies Ltd.) C:\Program Files (x86)\FantastiGames\GPlayer.exe
C:\Program Files (x86)\FantastiGames
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TelevisionFanatic Search Scope Monitor] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe [42536 2012-04-10] (MindSpark)
HKLM-x32\...\Run: [TelevisionFanatic Browser Plugin Loader] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe [30096 2012-04-10] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [FilmFanatic Search Scope Monitor] => C:\Program Files (x86)\FilmFanatic\bar\1.bin\paSrchMn.exe [42536 2012-07-02] (MindSpark)
HKLM-x32\...\Run: [FilmFanatic Browser Plugin Loader] => C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabrmon.exe [30096 2012-07-02] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [HeadlineAlley Search Scope Monitor] => C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29SrchMn.exe [42536 2012-07-03] (MindSpark)
HKLM-x32\...\Run: [HeadlineAlley_29 Browser Plugin Loader] => C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29brmon.exe [30096 2012-07-03] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [Marine Aquarium Lite Search Scope Monitor] => C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57SrchMn.exe [42536 2012-07-09] (MindSpark)
HKLM-x32\...\Run: [MarineAquarium3Free_57 Browser Plugin Loader] => C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57brmon.exe [30096 2012-07-09] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [utility Chest Search Scope Monitor] => C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrchMn.exe [42536 2012-08-15] (MindSpark)
HKLM-x32\...\Run: [utilityChest_49 Browser Plugin Loader] => C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe [30096 2012-08-15] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [VideoScavenger Search Scope Monitor] => C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrchMn.exe [42536 2012-08-28] (MindSpark)
HKLM-x32\...\Run: [VideoScavenger_1e Browser Plugin Loader] => C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe [30096 2012-08-28] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [MapsGalaxy Search Scope Monitor] => C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [42536 2012-09-04] (MindSpark)
HKLM-x32\...\Run: [MapsGalaxy_39 Browser Plugin Loader] => C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe [30096 2012-09-04] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [24x7HELP] => C:\Program Files (x86)\24x7Help\App24x7Help.exe [1773648 2013-03-12] (Crawler, LLC)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1483912 2013-02-15] (APN)
HKU\.DEFAULT\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4932056 2012-11-28] (Exent Technologies Ltd.)
HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4932056 2012-11-28] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4932056 2012-11-28] (Exent Technologies Ltd.)
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [ddodated] => rundll32 "C:\ProgramData\convures64.dll",CreateProcessNotify
C:\ProgramData\convures64.dll
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4932056 2012-11-28] (Exent Technologies Ltd.)
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [backgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Sample\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
C:\Users\Sample\AppData\Local\Conduit
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll [1528760 2012-07-25] (Bandoo Media, inc)
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll" File Not Found
AppInit_DLLs-x32:  C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll => C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll [1185208 2012-07-25] (Bandoo Media, inc)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - DefaultScope {68FED835-C52D-4A2A-B925-C8A1916C4F67} URL = http://search.condui...&ctid=CT3209604
SearchScopes: HKCU - {14511195-910F-4B23-956D-510AF2A2CF5B} URL = http://asksearch.ask...={searchTerms}
SearchScopes: HKCU - {68FED835-C52D-4A2A-B925-C8A1916C4F67} URL = http://search.condui...&ctid=CT3209604
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = http://www.amazon.co...y={searchTerms}
SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = http://mystart.incre...6R8NVOw50v&i=26
SearchScopes: HKCU - {EFD0B20D-0D6E-4C25-9733-D2174B9288B8} URL = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
BHO: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
C:\Program Files (x86)\Searchqu Toolbar
BHO-x32: Search Assistant BHO - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark)
BHO-x32: Toolbar BHO - {074d3229-0a22-491b-b9dd-ff3171d75f25} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57bar.dll (MindSpark)
BHO-x32: Search Assistant BHO - {0eeaa2c3-0cd7-4364-b82e-f9257081c860} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll (MindSpark)
BHO-x32: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
BHO-x32: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
BHO-x32: Search Results Toolbar - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll (Ask.com)
C:\Program Files (x86)\toolbar2
BHO-x32: Toolbar BHO - {433ae6bf-a1fd-4a51-858e-6c26c7cd64db} - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29bar.dll (MindSpark)
BHO-x32: Ask Toolbar - {4641532D-5636-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\FAS-V6\Passport.dll (APN LLC.)
BHO-x32: Toolbar BHO - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
BHO-x32: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
BHO-x32: Toolbar BHO - {631acb68-57c3-48af-9cc5-fcec0837ffd3} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabar.dll (MindSpark)
BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
C:\Program Files (x86)\Incredibar.com
BHO-x32: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)
BHO-x32: PlayFizz Platinum Content Add-on - {757FAD76-20D9-4973-BD64-9208ED0A0624} - C:\Users\Sample\AppData\Local\FizzPlatinum\FizzPlatinumBHO.dll (PlayFizz)
C:\Users\Sample\AppData\Local\FizzPlatinum
BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: Search Assistant BHO - {9c8de6c1-88f6-4515-9e81-6a280bb35349} - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29SrcAs.dll (MindSpark)
BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL No File
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
C:\Program Files (x86)\Wajam
BHO-x32: ArcadeCandy Games - {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Sample\AppData\Local\ArcadeCandy\candyEX.dll (ArcadeCandy LLC)
C:\Users\Sample\AppData\Local\ArcadeCandy
BHO-x32: Produtools Manuals 2.1 Toolbar - {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Users\Sample\AppData\LocalLow\Produtools_Manuals_2.1\prxtbPro1.dll (ClientConnect Ltd.)
C:\Users\Sample\AppData\LocalLow\Produtools_Manuals_2.1
BHO-x32: Dogpile Bundle Toolbar BHO - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
C:\Program Files (x86)\Dogpile Bundle Toolbar
BHO-x32: Toolbar BHO - {c6549209-1ff1-4a5c-a815-981f64f34b19} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebar.dll (MindSpark)
BHO-x32: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
BHO-x32: Search Assistant BHO - {d047fe10-dfe2-45cf-9fbf-966b9e64920f} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrcAs.dll (MindSpark)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Search Assistant BHO - {d5e9b421-c309-41de-9014-800a2adcdeb0} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll (MindSpark)
BHO-x32: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM-x32 - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
Toolbar: HKLM-x32 - Produtools Manuals 2.1 Toolbar - {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Users\Sample\AppData\LocalLow\Produtools_Manuals_2.1\prxtbPro1.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - FilmFanatic - {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabar.dll (MindSpark)
Toolbar: HKLM-x32 - HeadlineAlley - {8f61e414-ea79-4559-8bb6-61d956f70306} - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29bar.dll (MindSpark)
Toolbar: HKLM-x32 - Marine Aquarium Lite - {07189b84-b33b-4a1e-9b32-ad203c983c20} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57bar.dll (MindSpark)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM-x32 - Utility Chest - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - VideoScavenger - {acf7da4c-eeb2-484a-a3a1-303d4054d50c} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebar.dll (MindSpark)
Toolbar: HKLM-x32 - MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
Toolbar: HKLM-x32 - Search Results Toolbar - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll (Ask.com)
Toolbar: HKLM-x32 - Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM-x32 - Ask Toolbar - {4641532D-5636-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\FAS-V6\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} -  No File
Toolbar: HKCU - No Name - {C98D5B61-B0EA-4D48-9839-1079D352D880} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
cmd: netsh winsock reset catalog
FF Plugin-x32: @ei.FestiveBar_3g.com/Plugin - C:\Program Files (x86)\FestiveBar_3gEI\Installr\1.bin\NP3gEISB.dll (FestiveBar)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @FilmFanatic.com/Plugin - C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll (MindSpark)
FF Plugin-x32: @HeadlineAlley_29.com/Plugin - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\NP29Stub.dll (MindSpark)
FF Plugin-x32: @MapsGalaxy_39.com/Plugin - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
FF Plugin-x32: @MarineAquarium3Free_57.com/Plugin - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll (MindSpark)
FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF Plugin-x32: @UtilityChest_49.com/Plugin - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll (MindSpark)
FF Plugin-x32: @VideoScavenger_1e.com/Plugin - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\NP1eStub.dll (MindSpark)
FF Plugin-x32: www.exent.com/GameTreatWidget - C:\Program Files (x86)\FantastiGames\NPGameTreatPlugin.dll No File
FF Plugin HKCU: www.exent.com/GameTreatWidget - C:\Program Files (x86)\FantastiGames\npGameTreatWidget.dll (Exent Technologies Ltd.)
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-11]
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-11]
FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF Extension: TelevisionFanatic - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2012-04-10]
FF HKLM-x32\...\Firefox\Extensions: [paffxtbr@FilmFanatic.com] - C:\Program Files (x86)\FilmFanatic\bar\1.bin
FF Extension: FilmFanatic - C:\Program Files (x86)\FilmFanatic\bar\1.bin [2012-07-02]
FF HKLM-x32\...\Firefox\Extensions: [29ffxtbr@HeadlineAlley_29.com] - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin
FF Extension: HeadlineAlley - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin [2012-07-03]
FF HKLM-x32\...\Firefox\Extensions: [57ffxtbr@MarineAquarium3Free_57.com] - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin
FF Extension: Marine Aquarium Lite - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin [2012-07-09]
FF HKLM-x32\...\Firefox\Extensions: [49ffxtbr@UtilityChest_49.com] - C:\Program Files (x86)\UtilityChest_49\bar\1.bin
FF Extension: Utility Chest - C:\Program Files (x86)\UtilityChest_49\bar\1.bin [2012-08-15]
FF HKLM-x32\...\Firefox\Extensions: [1effxtbr@VideoScavenger_1e.com] - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin
FF Extension: VideoScavenger - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin [2012-08-28]
FF HKLM-x32\...\Firefox\Extensions: [39ffxtbr@MapsGalaxy_39.com] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin
FF Extension: MapsGalaxy - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin [2012-09-04]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-11]
FF HKCU\...\Firefox\Extensions: [games@acandy.com] - C:\Users\Sample\AppData\Local\ArcadeCandy\games@acandy.com
FF Extension: ArcadeCandy - C:\Users\Sample\AppData\Local\ArcadeCandy\games@acandy.com [2013-07-09]
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF Extension: No Name - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013-02-08]
FF HKCU\...\Firefox\Extensions: [{6013E7AC-CCA6-4207-90E0-97EDA12F2359}] - C:\Users\Sample\AppData\Local\FizzPlatinum\{6013E7AC-CCA6-4207-90E0-97EDA12F2359}\
FF Extension: PlayFizz Platinum Content Add-on - C:\Users\Sample\AppData\Local\FizzPlatinum\{6013E7AC-CCA6-4207-90E0-97EDA12F2359}\ []
R2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [342168 2012-11-30] (PCRx.com, LLC)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [169096 2013-02-15] (APN LLC.)
R2 FilmFanaticService; C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabarsvc.exe [42504 2012-07-02] (COMPANYVERS_NAME)
R2 HeadlineAlley_29Service; C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29barsvc.exe [42504 2012-07-03] (COMPANYVERS_NAME)
R2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2013-01-29] ()
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()
R2 MapsGalaxy_39Service; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe [42504 2012-09-04] (COMPANYVERS_NAME)
R2 MarineAquarium3Free_57Service; C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe [42504 2012-07-09] (COMPANYVERS_NAME)
R2 TelevisionFanaticService; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe [42504 2012-04-10] (COMPANYVERS_NAME)
R2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2012-05-22] ()
R2 UtilityChest_49Service; C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49barsvc.exe [42504 2012-08-15] (COMPANYVERS_NAME)
R2 VideoScavenger_1eService; C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebarsvc.exe [42504 2012-08-28] (COMPANYVERS_NAME)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-01-09] (Wajam)
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{8a768225-5e1d-ab58-6104-6a1e73a35887}\   \...\???\{8a768225-5e1d-ab58-6104-6a1e73a35887}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
R2 X5XSEx_Pr143; C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S2 X5XSEx; \??\C:\Program Files (x86)\FantastiGames\X5XSEx.Sys [X]
2014-06-02 10:09 - 2013-03-06 13:33 - 00000266 _____ () C:\Windows\Tasks\PlayFizz.job
2014-06-02 09:22 - 2012-09-14 14:34 - 00000274 _____ () C:\Windows\Tasks\CandyUpdater.job
2014-05-28 15:17 - 2013-11-08 15:14 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Ysxawaef
2014-05-28 15:17 - 2013-11-08 14:54 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Yfcievha
2014-05-28 15:16 - 2013-11-08 15:43 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Sakeroxe
2014-05-28 15:16 - 2013-11-08 15:39 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Azydca
2014-05-28 15:16 - 2013-11-08 15:38 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Qogadeu
2014-05-28 15:16 - 2013-11-08 15:26 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Pubedu
2014-05-28 15:16 - 2013-11-08 15:24 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Kigauhm
2014-05-28 15:16 - 2013-11-08 15:22 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Asmila
2014-05-28 15:16 - 2013-11-08 15:18 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Qeryokgi
2014-05-28 15:16 - 2013-11-08 15:09 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Uwirpiy
2014-05-28 15:16 - 2013-11-08 15:08 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Aruhmizu
2014-05-28 15:16 - 2013-11-08 15:07 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Tobaoza
2014-05-28 15:16 - 2013-11-08 14:58 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Enzyuhif
2014-05-28 15:16 - 2013-11-08 14:53 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Abxerev
2014-05-28 15:16 - 2013-11-08 14:49 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Oxlaetib
2014-05-28 15:16 - 2013-11-08 14:49 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Nuzuebb
2014-05-28 15:16 - 2013-11-08 14:48 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Ekgynyi
2014-05-28 15:16 - 2012-02-06 11:25 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Temp
C:\Users\Sample\AppData\Local\Strongvault
C:\Users\Sample\AppData\Local\Strongvault Online Backup
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
2014-05-28 15:13 - 2013-02-14 08:27 - 00000000 ____D () C:\Program Files (x86)\Yontoo
C:\Users\Sample\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Public\AlexaNSISPlugin.6188.dll
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
Task: {260A96DA-D720-4A59-97C8-AC62784F3260} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-05-04] () <==== ATTENTION
Task: {53101298-9B51-4264-8746-A8A664EA8BD2} - System32\Tasks\PlayFizz => C:\Users\Sample\AppData\Local\FizzPlatinum\Updater.exe [2013-02-15] ()
Task: {65775FDD-3E21-43AF-9207-72B0B5F681AD} - System32\Tasks\CandyUpdater => C:\Users\Sample\AppData\Local\ArcadeCandy\candyUpdater.exe [2013-09-26] ()
Task: C:\Windows\Tasks\CandyUpdater.job => C:\Users\Sample\AppData\Local\ArcadeCandy\candyUpdater.exe
Task: C:\Windows\Tasks\PlayFizz.job => C:\Users\Sample\AppData\Local\FizzPlatinum\Updater.exe
Task: C:\Windows\Tasks\Security Center Update - 2854487534.job => C:\Users\Sample\AppData\Roaming\Koaqolq\ablyzo.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3393306516.job => C:\Users\Sample\AppData\Roaming\Udceyvwa\yryqwu.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 4232005664.job => C:\Users\Sample\AppData\Roaming\Exynuz\ruwya.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 775831282.job => C:\Users\Sample\AppData\Roaming\Zepayv\igreen.exe <==== ATTENTION
C:\Users\Sample\AppData\Local\Temp
end
*****************

C:\Program Files (x86)\24x7Help\App24x7Svc.exe => No running process found
C:\Program Files (x86)\24x7Help\App24x7Help.exe => No running process found
"C:\Program Files (x86)\24x7Help" => File/Directory not found.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe => No running process found
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe => No running process found
"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabarsvc.exe => No running process found
C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabrmon.exe => No running process found
"C:\Program Files (x86)\FilmFanatic" => File/Directory not found.
C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29barsvc.exe => No running process found
C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\29brmon.exe => No running process found
"C:\Program Files (x86)\HeadlineAlley_29" => File/Directory not found.
C:\Program Files\IB Updater\ExtensionUpdaterService.exe => No running process found
"C:\Program Files\IB Updater" => File/Directory not found.
C:\Windows\System32\dmwu.exe => No running process found
"C:\Windows\System32\dmwu.exe" => File/Directory not found.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe => No running process found
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe => No running process found
"C:\Program Files (x86)\MapsGalaxy_39" => File/Directory not found.
C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe => No running process found
C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57brmon.exe => No running process found
"C:\Program Files (x86)\MarineAquarium3Free_57" => File/Directory not found.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe => No running process found
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe => No running process found
"C:\Program Files (x86)\TelevisionFanatic" => File/Directory not found.
C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe => No running process found
"C:\Program Files (x86)\Amazon Browser Bar" => File/Directory not found.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49barsvc.exe => No running process found
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe => No running process found
"C:\Program Files (x86)\UtilityChest_49" => File/Directory not found.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebarsvc.exe => No running process found
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe => No running process found
"C:\Program Files (x86)\VideoScavenger_1e" => File/Directory not found.
C:\Windows\SysWOW64\jmdp\stij.exe => No running process found
"C:\Windows\SysWOW64\jmdp" => File/Directory not found.
C:\Program Files (x86)\FantastiGames\GPlayer.exe => No running process found
C:\Program Files (x86)\FantastiGames => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic Search Scope Monitor => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic Browser Plugin Loader => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FilmFanatic Search Scope Monitor => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FilmFanatic Browser Plugin Loader => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HeadlineAlley Search Scope Monitor => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HeadlineAlley_29 Browser Plugin Loader => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Marine Aquarium Lite Search Scope Monitor => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MarineAquarium3Free_57 Browser Plugin Loader => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Utility Chest Search Scope Monitor => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UtilityChest_49 Browser Plugin Loader => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VideoScavenger Search Scope Monitor => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VideoScavenger_1e Browser Plugin Loader => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy Search Scope Monitor => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy_39 Browser Plugin Loader => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\24x7HELP => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ddodated => Value deleted successfully.
"C:\ProgramData\convures64.dll" => File/Directory not found.
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainerV2 => Value not found.
C:\Users\Sample\AppData\Local\Conduit => Moved successfully.
"C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll" => Value Data not found.
" C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll" => Value Data not found.
"C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll" => Value Data not found.
" C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll" => Value Data not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D8278076-BC68-4484-9233-6E7F1628B56C} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{327f75ed-061b-4339-8cc6-5dd45ad1396d} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{57dc49cc-5a9f-446c-bcf8-65c52b7060a6} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{08f9937e-0a4f-48cf-94e7-827223daec1d} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{796b75f6-6187-47e2-8f1f-c16e059e6e19} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{14511195-910F-4B23-956D-510AF2A2CF5B} => Key deleted successfully.
HKCR\CLSID\{14511195-910F-4B23-956D-510AF2A2CF5B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{68FED835-C52D-4A2A-B925-C8A1916C4F67} => Key deleted successfully.
HKCR\CLSID\{68FED835-C52D-4A2A-B925-C8A1916C4F67} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => Key deleted successfully.
HKCR\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => Key deleted successfully.
HKCR\CLSID\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} => Key deleted successfully.
HKCR\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key deleted successfully.
HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFD0B20D-0D6E-4C25-9733-D2174B9288B8} => Key deleted successfully.
HKCR\CLSID\{EFD0B20D-0D6E-4C25-9733-D2174B9288B8} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key not found.
HKCR\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0} => Key not found.
HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} => Key not found.
"C:\Program Files (x86)\Searchqu Toolbar" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e05b40-77fa-40b6-9077-ed1a7577b1ef} => Key not found.
HKCR\Wow6432Node\CLSID\{06e05b40-77fa-40b6-9077-ed1a7577b1ef} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074d3229-0a22-491b-b9dd-ff3171d75f25} => Key not found.
HKCR\Wow6432Node\CLSID\{074d3229-0a22-491b-b9dd-ff3171d75f25} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0eeaa2c3-0cd7-4364-b82e-f9257081c860} => Key not found.
HKCR\Wow6432Node\CLSID\{0eeaa2c3-0cd7-4364-b82e-f9257081c860} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} => Key not found.
HKCR\Wow6432Node\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key not found.
HKCR\Wow6432Node\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348bd83c-b2cd-4319-a605-c96bb458dd80} => Key not found.
HKCR\Wow6432Node\CLSID\{348bd83c-b2cd-4319-a605-c96bb458dd80} => Key deleted successfully.
"C:\Program Files (x86)\toolbar2" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{433ae6bf-a1fd-4a51-858e-6c26c7cd64db} => Key not found.
HKCR\Wow6432Node\CLSID\{433ae6bf-a1fd-4a51-858e-6c26c7cd64db} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4641532D-5636-006A-76A7-7A786E7484D7} => Key not found.
HKCR\Wow6432Node\CLSID\{4641532D-5636-006A-76A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58f7b5ca-1162-42e8-8bbc-d543b4edd780} => Key not found.
HKCR\Wow6432Node\CLSID\{58f7b5ca-1162-42e8-8bbc-d543b4edd780} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75} => Key not found.
HKCR\Wow6432Node\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{631acb68-57c3-48af-9cc5-fcec0837ffd3} => Key not found.
HKCR\Wow6432Node\CLSID\{631acb68-57c3-48af-9cc5-fcec0837ffd3} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} => Key not found.
HKCR\Wow6432Node\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} => Key not found.
"C:\Program Files (x86)\Incredibar.com" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2} => Key not found.
HKCR\Wow6432Node\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{757FAD76-20D9-4973-BD64-9208ED0A0624} => Key not found.
HKCR\Wow6432Node\CLSID\{757FAD76-20D9-4973-BD64-9208ED0A0624} => Key not found.
"C:\Users\Sample\AppData\Local\FizzPlatinum" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} => Key not found.
HKCR\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c8de6c1-88f6-4515-9e81-6a280bb35349} => Key not found.
HKCR\Wow6432Node\CLSID\{9c8de6c1-88f6-4515-9e81-6a280bb35349} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} => Key not found.
HKCR\Wow6432Node\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} => Key not found.
"C:\Program Files (x86)\Wajam" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} => Key not found.
HKCR\Wow6432Node\CLSID\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} => Key not found.
"C:\Users\Sample\AppData\Local\ArcadeCandy" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} => Key deleted successfully.
C:\Users\Sample\AppData\LocalLow\Produtools_Manuals_2.1 => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F} => Key not found.
HKCR\Wow6432Node\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F} => Key not found.
"C:\Program Files (x86)\Dogpile Bundle Toolbar" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6549209-1ff1-4a5c-a815-981f64f34b19} => Key not found.
HKCR\Wow6432Node\CLSID\{c6549209-1ff1-4a5c-a815-981f64f34b19} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} => Key not found.
HKCR\Wow6432Node\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d047fe10-dfe2-45cf-9fbf-966b9e64920f} => Key not found.
HKCR\Wow6432Node\CLSID\{d047fe10-dfe2-45cf-9fbf-966b9e64920f} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5e9b421-c309-41de-9014-800a2adcdeb0} => Key not found.
HKCR\Wow6432Node\CLSID\{d5e9b421-c309-41de-9014-800a2adcdeb0} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712} => Key not found.
HKCR\Wow6432Node\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c98d5b61-b0ea-4d48-9839-1079d352d880} => Value not found.
HKCR\Wow6432Node\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0b84b4b4-8af8-4f1f-91fe-074a666f6425} => Value not found.
HKCR\Wow6432Node\CLSID\{0b84b4b4-8af8-4f1f-91fe-074a666f6425} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8f61e414-ea79-4559-8bb6-61d956f70306} => Value not found.
HKCR\Wow6432Node\CLSID\{8f61e414-ea79-4559-8bb6-61d956f70306} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{07189b84-b33b-4a1e-9b32-ad203c983c20} => Value not found.
HKCR\Wow6432Node\CLSID\{07189b84-b33b-4a1e-9b32-ad203c983c20} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} => Value not found.
HKCR\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{cf67755f-9265-449c-87cf-b945519e073b} => Value not found.
HKCR\Wow6432Node\CLSID\{cf67755f-9265-449c-87cf-b945519e073b} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{acf7da4c-eeb2-484a-a3a1-303d4054d50c} => Value not found.
HKCR\Wow6432Node\CLSID\{acf7da4c-eeb2-484a-a3a1-303d4054d50c} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{364ea597-e728-4ce4-bb4a-ed846ef47970} => Value not found.
HKCR\Wow6432Node\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{348bd83c-b2cd-4319-a605-c96bb458dd80} => Value not found.
HKCR\Wow6432Node\CLSID\{348bd83c-b2cd-4319-a605-c96bb458dd80} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{C80BDEB2-8735-44C6-BD55-A1CCD555667A} => Value not found.
HKCR\Wow6432Node\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} => Value not found.
HKCR\Wow6432Node\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EA582743-9076-4178-9AA6-7393FDF4D5CE} => Value not found.
HKCR\Wow6432Node\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4641532D-5636-006A-76A7-7A786E7484D7} => Value not found.
HKCR\Wow6432Node\CLSID\{4641532D-5636-006A-76A7-7A786E7484D7} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => Value deleted successfully.
HKCR\CLSID\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C98D5B61-B0EA-4D48-9839-1079D352D880} => Value not found.
HKCR\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll

=========  netsh winsock reset catalog =========

The following helper DLL cannot be loaded: WSHELPER.DLL.
The following command was not found: winsock reset catalog.

========= End of CMD: =========

HKLM\Software\Wow6432Node\MozillaPlugins\@ei.FestiveBar_3g.com/Plugin => Key deleted successfully.
C:\Program Files (x86)\FestiveBar_3gEI\Installr\1.bin\NP3gEISB.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0 => Key not found.
C:\Program Files (x86)\FantastiGames\npExentCtl.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@FilmFanatic.com/Plugin => Key not found.
C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@HeadlineAlley_29.com/Plugin => Key not found.
C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\NP29Stub.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@MapsGalaxy_39.com/Plugin => Key not found.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin => Key not found.
C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@TelevisionFanatic.com/Plugin => Key not found.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@UtilityChest_49.com/Plugin => Key not found.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@VideoScavenger_1e.com/Plugin => Key not found.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\NP1eStub.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\www.exent.com/GameTreatWidget => Key not found.
C:\Program Files (x86)\FantastiGames\NPGameTreatPlugin.dll not found.
HKCU\Software\MozillaPlugins\www.exent.com/GameTreatWidget => Key deleted successfully.
C:\Program Files (x86)\FantastiGames\npGameTreatWidget.dll not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => Value deleted successfully.
C:\Program Files\IB Updater\Firefox not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => Value deleted successfully.
C:\Program Files\IB Updater\Firefox not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com => Value not found.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\paffxtbr@FilmFanatic.com => Value not found.
C:\Program Files (x86)\FilmFanatic\bar\1.bin not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\29ffxtbr@HeadlineAlley_29.com => Value not found.
C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\57ffxtbr@MarineAquarium3Free_57.com => Value not found.
C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\49ffxtbr@UtilityChest_49.com => Value not found.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\1effxtbr@VideoScavenger_1e.com => Value not found.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com => Value not found.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => Value deleted successfully.
C:\Program Files\IB Updater\Firefox not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => Value deleted successfully.
C:\Program Files\IB Updater\Firefox not found.
HKCU\Software\Mozilla\Firefox\Extensions\\games@acandy.com => Value not found.
C:\Users\Sample\AppData\Local\ArcadeCandy\games@acandy.com not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} => Value deleted successfully.
C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{6013E7AC-CCA6-4207-90E0-97EDA12F2359} => Value not found.
C:\Users\Sample\AppData\Local\FizzPlatinum\{6013E7AC-CCA6-4207-90E0-97EDA12F2359}\ not found.
24x7HelpSvc => Service not found.
APNMCP => Service not found.
FilmFanaticService => Service not found.
HeadlineAlley_29Service => Service not found.
IB Updater => Service not found.
IBUpdaterService => Service not found.
MapsGalaxy_39Service => Service not found.
MarineAquarium3Free_57Service => Service not found.
TelevisionFanaticService => Service not found.
Updater Service for AMZN => Service not found.
UtilityChest_49Service => Service not found.
VideoScavenger_1eService => Service not found.
WajamUpdater => Service not found.
*etadpug => Service deleted successfully.
X5XSEx_Pr143 => Service not found.
X5XSEx => Service deleted successfully.
"C:\Windows\Tasks\PlayFizz.job" => File/Directory not found.
"C:\Windows\Tasks\CandyUpdater.job" => File/Directory not found.
C:\Users\Sample\AppData\Roaming\Ysxawaef => Moved successfully.
C:\Users\Sample\AppData\Roaming\Yfcievha => Moved successfully.
C:\Users\Sample\AppData\Roaming\Sakeroxe => Moved successfully.
C:\Users\Sample\AppData\Roaming\Azydca => Moved successfully.
C:\Users\Sample\AppData\Roaming\Qogadeu => Moved successfully.
C:\Users\Sample\AppData\Roaming\Pubedu => Moved successfully.
C:\Users\Sample\AppData\Roaming\Kigauhm => Moved successfully.
C:\Users\Sample\AppData\Roaming\Asmila => Moved successfully.
C:\Users\Sample\AppData\Roaming\Qeryokgi => Moved successfully.
C:\Users\Sample\AppData\Roaming\Uwirpiy => Moved successfully.
C:\Users\Sample\AppData\Roaming\Aruhmizu => Moved successfully.
C:\Users\Sample\AppData\Roaming\Tobaoza => Moved successfully.
C:\Users\Sample\AppData\Roaming\Enzyuhif => Moved successfully.
C:\Users\Sample\AppData\Roaming\Abxerev => Moved successfully.
C:\Users\Sample\AppData\Roaming\Oxlaetib => Moved successfully.
C:\Users\Sample\AppData\Roaming\Nuzuebb => Moved successfully.
C:\Users\Sample\AppData\Roaming\Ekgynyi => Moved successfully.
C:\Users\Sample\AppData\Roaming\Temp => Moved successfully.
"C:\Users\Sample\AppData\Local\Strongvault" => File/Directory not found.
"C:\Users\Sample\AppData\Local\Strongvault Online Backup" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk" => File/Directory not found.
C:\Program Files (x86)\Yontoo => Moved successfully.
C:\Users\Sample\AppData\Local\Google\Desktop\Install => Moved successfully.

"C:\Program Files (x86)\Google\Desktop\Install" directory move:

Could not move "C:\Program Files (x86)\Google\Desktop\Install" directory. => Scheduled to move on reboot.

C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\Users\Public\AlexaNSISPlugin.6188.dll => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{260A96DA-D720-4A59-97C8-AC62784F3260} => Key not found.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53101298-9B51-4264-8746-A8A664EA8BD2} => Key not found.
C:\Windows\System32\Tasks\PlayFizz not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PlayFizz => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65775FDD-3E21-43AF-9207-72B0B5F681AD} => Key not found.
C:\Windows\System32\Tasks\CandyUpdater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CandyUpdater => Key not found.
C:\Windows\Tasks\CandyUpdater.job not found.
C:\Windows\Tasks\PlayFizz.job not found.
C:\Windows\Tasks\Security Center Update - 2854487534.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 3393306516.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 4232005664.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 775831282.job => Moved successfully.
 

Link to post
Share on other sites

That was part 1 because it said my post is too long. Here's part 2 of the scan:

 

"C:\Users\Sample\AppData\Local\Temp" directory move:

C:\Users\Sample\AppData\Local\Temp\1038429291105331.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\103842929111527959.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\103842929111603479.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\103842929113544537.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1038429291150213.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\103842929116371618.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\103842929116680547.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\10384292911980557.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\10384292912039510.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\10384292912246180.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1038429291302829.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\103842929131007663.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\10384292913115355.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1038429291485428.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\103842929166316.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\10384292916872951.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\103842929178109.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\103842929185426.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\103842929189982359.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\103842929190215.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1038429291916615.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\103842929197469.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\11aijin0.0.cs => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\11aijin0.cmdline => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\11aijin0.err => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\11aijin0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099100386.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009910153075.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009910175914.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099102356405.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099102399.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099102964325.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009910306705.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099103912515.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099104389348.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009910453018.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009910496745.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009910576898.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009910607131.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009910803911.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009910822881.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099108352241.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099109019021.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099110168202.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099112195.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099112679.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099113140707.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009911391801.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009911490035.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099115418135.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009911549097.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009911593697.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099117369317.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100991191832.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009911951345.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100991216355.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099123443.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009912446024.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099124570511.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009912585365.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009912770023.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009912796044.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009912989048.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009913119403.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099131771610.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099132304.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099132897.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009913534958.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009913649213.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099138972835.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009913897723.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009914090665.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009914208508.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009914283248.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009914317771.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099143895.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099144363.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009914472727.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099145268.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009914546094.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009914550587.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009914561741.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099146173935.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009914653501.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009914677822.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099147998.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009914819798.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099148450.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009914879812.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009914993474.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009915045563.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009915091099.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009915289689.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099153375206.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009915403289.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009915552769.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099157342.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009915735555.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099157623.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009915928419.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009915952365.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009916008650.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099160576275.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009916128506.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009916147070.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009916361899.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009916482051.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009916670828.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009916694197.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009916761589.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099167777421.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009916928152.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009916958837.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009916959539.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009916980927.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099170758.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009917103388.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009917173884.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099171944.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009917288327.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009917354175.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009917461971.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009917483546.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099174979129.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009917650171.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009917664164.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009917668969.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009917742711.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099177741189.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009918021329.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009918023029.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099182135145.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099182180276.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009918369897.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009918486212.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009918500969.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099185320046.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099189381376.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009918941719.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099192520615.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009919411594.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099195438.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009919646095.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099196582600.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100991971337.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009919895400.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009919949797.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009919972324.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009919997799.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100992030072.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099203783638.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100992057512.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009921059308.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009921059417.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009921151021.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009921328706.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009921486360.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009921518341.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009921762498.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009921801061.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009921855552.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009921879951.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009922080553.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009922110208.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009922194605.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100992234776.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009922603827.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009922688832.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009922754087.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009922879964.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009922937841.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009923053562.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009923190469.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009923210936.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009923225772.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009923331525.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009923331759.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009923348888.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009923458166.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009923580565.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099236232.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009923884860.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100992402945.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009924131591.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009924183415.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009924206253.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009924304565.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009924377324.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009924473624.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009924553761.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099245935.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009924647081.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009924685379.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009924847979.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009924866902.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009924868805.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009924944513.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099250319.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009925503651.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009925573914.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009925687889.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009925885511.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099261573256.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009926368817.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009926621399.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099268618.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099268774216.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009926970872.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099269725.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009927176076.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009927199975.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009927573270.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099275976298.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009928021211.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009928260595.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099283526637.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009928352791.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009929100317.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099294046.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100992951991.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009929947699.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009930999177.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100993105777.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099328054.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099357010175.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100993602016.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099374012958.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100993863739.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099402342.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099416600.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099430795528.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099432947312.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099440141985.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099447342710.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099454545214.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099459126.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099461745970.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100994621748.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100994751088.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099475959.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100995036819.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099534537.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100995383890.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100995473934.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009955333.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009957392.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100995809836.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100995917804.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099600432.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009962135.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009963679.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009963960.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009964294673.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009966940.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100996696405.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009967002.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100996863201.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009968640.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009968780.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100996917489.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099704069203.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099715105322.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997268117.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997271596.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997273858.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997275481.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997276760.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009972899.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997295807.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997332452.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997345010.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997357724.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009973726.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997372810.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009974131.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009974428.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997450592.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009974521.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997471090.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997476394.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997528421.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997602100.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997679695.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997737353.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009977450814.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009977906.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997791516.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997871233.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997875180.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997878565.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997889500.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100997925771.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009979697431.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009980402.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009980527.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009982150.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009982323272.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009982524.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100998417330.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099843637.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009985160.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100998535126.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009986752.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009986764979.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009986901589.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009987750.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009988561939.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009988670.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100998946064.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009989989083.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099907021.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100999086621.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100999197038.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100999205447.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100999226367.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009992383.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100999325318.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100999402585.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009994664074.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100999493534.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009995154541.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009995441.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009995763241.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009995940.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1511610099963259.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009996471.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009996711384.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009997051154.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009997187094.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100999728206.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100999744352.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100999781059.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\151161009998609901.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\15116100999902303.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611102133.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761110296596.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761110495606.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761111391458.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576111191598.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576111216105.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611121665.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611122335.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761112795810.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761113534677.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611148185.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761115160832.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761115289501.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761116128319.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761116172732.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611169775.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761117461691.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761117742414.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576111970963.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761121059136.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576112234261.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761122537698.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761122879699.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761123073000.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761123453439.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761123929913.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611245420.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761124846092.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611261573022.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576112771451.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611293656.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761130998381.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576113105543.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611327680.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576113915141.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611432939419.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611475584.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576115383578.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761157221.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611704068891.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576117132568.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761173819.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761175660.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761177189.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576117878362.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576117924585.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761181853.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576118434849.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576118534955.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761186761016.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611867724.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761189982359.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761190215.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611906865.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576119205275.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576119226179.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576119493347.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1682576119512457.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761195153777.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761195581.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761196003.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\168257611963087.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\16825761199169476.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1c6yhu8k.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1c6yhu8k.out => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1icmkyw1.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\1icmkyw1.out => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3397051458141539.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3397051458180958492.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\33970514581971150.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3397051458475631.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\339705145887953.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3397051458906896.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\339705145895800.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602102356062.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060210306502.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602103912047.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602104389176.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060210495606.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602111634.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602113140505.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060211391458.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602115417838.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060211951158.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606021216105.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602122382.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060212444714.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060212585177.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060212795826.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060213119060.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602132460.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060213897286.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602141414.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060214313934.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602155532.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060215735399.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060215928279.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060215952194.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060216008338.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060216670656.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602169822.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602171710.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060217461691.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060217483390.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060217664008.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060217668766.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060217742414.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602177741002.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602182134724.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060218494464.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606021970963.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060219997580.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060221150865.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060221800874.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060222194433.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606022234261.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060222937669.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060223053437.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602231692.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060223210780.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060223331353.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060223884720.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060224473452.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060224868649.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060224944357.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602261573022.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060226614550.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602268773576.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602269522.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060226970716.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060230998381.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606023105543.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602327742.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602357009645.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606023599021.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602432940058.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602447342289.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602454544808.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602458923.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606024621467.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606024750932.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602475600.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602534209.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606025383578.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060254740.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606025809602.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060263539.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060264284174.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060265395.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060266643.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060266690.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606026696264.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060268344.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602704068907.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606027267930.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606027273671.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606027332296.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060273336.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606027371359.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060273850.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060274038.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606027470950.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606027528265.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060275722.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060277189.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606027791376.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606027878362.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606027924585.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060279696433.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060281884.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602843247.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060284708.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606028534955.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060286761110.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060287438.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060287812.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060288218.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060289982390.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606029196867.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606029226179.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060295145.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060295153777.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060295581.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\3590660602963087.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060296698764.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060297050905.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\35906606029727988.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\359066060298609589.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819101853.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819103024433.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819103647.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819104389192.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819105441.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819107203.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181910803662.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819108155.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181910826609.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819109138.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181911395935.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819115422737.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181911554042.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819116095.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181911720308.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819117429425.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318191196356.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318191221347.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181912449612.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181912994290.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819131831733.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819131961.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819132647.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181913539545.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819139683.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181914479950.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181914487532.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181914487766.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181914503693.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181914504692.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181914532834.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181914537499.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181914621833.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819146234089.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181914823917.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181914826506.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181914868268.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181914955301.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181915059665.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181915166822.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819152366.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181915251000.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819152584.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181915293589.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819152990.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819153130.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819153270.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181915408109.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181915433241.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181915559929.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181915936172.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181915957170.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819160636351.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181916132312.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181916205321.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181916354832.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181916366610.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181916488915.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181916877857.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181916920289.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181916963470.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181916963501.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819170493.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181917178221.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181917292991.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181917360212.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181917466558.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819175039205.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181917654414.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181917671777.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181917675927.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819176764.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181917747110.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819177746478.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819181085.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819182139560.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181918374718.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181918392190.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181918490907.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181918494370.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819189441483.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819191787.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819192151095.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181919417272.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819195375.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318192008590.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819201147.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318192034596.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819203843792.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318192062286.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819206982.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181921063800.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181921268411.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181921813073.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181922114280.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181922329764.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318192240907.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181922971974.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181922997916.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181923065278.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181923181779.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181923408964.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181923820822.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318192408546.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181924127348.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819241988.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181924243491.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181924364657.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181924478600.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181924651761.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181924852862.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181925508331.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819257573.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181925890128.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819261577890.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181926373466.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819265248.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181926975770.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181927180568.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819273422.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181927393962.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181927569339.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819276038153.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181928889778.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181928907827.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181929356190.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318192956499.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181929946700.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819307571.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181931004824.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318193110347.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819333623.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819357014091.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819374254931.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318193868590.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819406460.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819421311.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318194217237.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819430787775.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819432942975.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819447343755.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819461745565.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318194626303.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819466817.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318194755815.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819480436.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318195041546.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318195388461.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819543913.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318195478287.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819548000.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318195819617.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318195922843.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819604753.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181961635.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181962556.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181964283955.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318196466927.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181966721.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318196868006.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181969233.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181969280.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318196977550.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819704073462.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181970793.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181971245.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819715113965.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181974240.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819766323.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318197877176.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318197879672.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318197928579.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181979712158.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318198020541.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181980621.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181980668.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181981650.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181981853.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181982236457.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181982327936.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181983288.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819848317.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318198541288.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181988566463.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318198950697.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181989982375.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318199092455.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819911607.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318199201687.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318199231374.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181992492.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181992882.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181993397.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318199498214.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181995158628.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181995550.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181996696595.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181996814.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181997055725.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181997843.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318199785817.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181998613645.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181998904.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\41530318199908169.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\415303181999438001.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\4153031819997657.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\7RXGO09O.emf => Moved successfully.

Link to post
Share on other sites

part 3:

 

Could not move "C:\Users\Sample\AppData\Local\Temp\AdobeARM.log" => Scheduled to move on reboot.

C:\Users\Sample\AppData\Local\Temp\AdobeARM_NotLocked.log => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\APNSetup.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ArmUI.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\aro.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\atstpip.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\au-descriptor-1.7.0_40-b43.xml => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\au-descriptor-1.7.0_45-b18.xml => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\au-descriptor-1.7.0_51-b13.xml => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\au-descriptor-1.7.0_55-b13.xml => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\au-descriptor-1.7.0_55-b14.xml => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\AUCHECK_PARSER.txt => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\bndk2aao.out => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\bp7mtp0s.out => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm1041.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm1061.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm118E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm11DD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm120E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm123E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm124B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm133D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm138F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm139B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm13CE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm15D2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm1611.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm16E2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm1BD6.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm1C38.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm1C54.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm1C97.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm1D4B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm1DC8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm1E2B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm1F69.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm1F7A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm2747.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm2786.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm31C4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm39AB.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm3B45.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm3B94.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm4367.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm43D5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm4486.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm4523.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm4562.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm47BC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm47FB.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm48BB.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm48EA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm4C0C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm4C5B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm520B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm523B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm536B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm53AA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm5429.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm54B7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm565E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm5685.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm56AD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm56D4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm5E45.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm5E85.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm62B6.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm62E5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm63E7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm6427.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm664A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm664F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm668F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm6700.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm6740.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm6946.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm6976.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm6D78.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm6E7E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm6EBD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm71CF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm725C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm73F1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm784B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm7858.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm787B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm78B6.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm7AEB.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm7B2B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm7DBC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm7E0B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm8336.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm83A4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm8B52.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm8BA1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm8CC4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm8CF4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm8FFE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm90BA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm92E1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm9AA8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm9AD8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm9D2D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm9D5C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm9D7C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdm9E09.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmA061.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmA146.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmA188.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmA206.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmA315.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmA345.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmA70E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmA79B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmABBB.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmABFA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmB7EA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmB842.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmB877.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmBAB9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmBAF8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmBF22.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmBF71.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmC019.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmC03A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmC62E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmC66D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmCD7E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmCE1B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmCEDD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmCF4C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmD0DF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmD4A8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmD4B1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmD613.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmD662.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmD79A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmD995.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmDD5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmE121.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmE25C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmE27.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmE2CA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmE332.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmE48A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmE53.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmE63.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmE956.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmEB2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmEE37.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmEEC4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmEF03.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmF0E2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmF112.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmF12.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmFBED.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmFC3C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmFE6D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmFEAC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmFF47.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmFF89.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmFFA6.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\cdmFFB9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\CVR16C3.tmp.cvr => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\CVR1E3D.tmp.cvr => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\CVR2715.tmp.cvr => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\CVR3DDE.tmp.cvr => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\CVR6158.tmp.cvr => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\CVR8777.tmp.cvr => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\CVR92F1.tmp.cvr => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\CVR9FE.tmp.cvr => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\CVRAFF2.tmp.cvr => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\CVRB8A8.tmp.cvr => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\CVRDBA.tmp.cvr => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat11EE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat11EF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat11F0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat11F1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1367.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1368.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1369.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat14ED.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat16AE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat16BF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat16C0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat16D0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat16D1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat16E2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat16E3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat16F3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat170.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1704.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1705.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat177D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1924.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1A63.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1A73.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1A74.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1A75.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1A76.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1A87.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1B88.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1B98.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1BA9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1BB9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1C18.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1C29.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1C39.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1CB7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1CC8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1CD8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1D92.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1DA3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1EEB.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1FBD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1FBE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat1FBF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat2237.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat22B5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat241D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat25E7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat277E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat2B54.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat2BC2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat2DDA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat2FDF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat2FEF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat30.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat33E5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3440.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3450.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3461.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3462.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3472.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3473.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat34A3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3920.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat39C4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat39C5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat39F5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3E18.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3E29.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3E39.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3EBD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3ECD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3ECE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3ECF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3ED0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3EE1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3EE2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3EE3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3F0B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3F0C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3F1A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3F1D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3F2A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3F3B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3F3C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3F4C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3F4D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3F4E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3F5D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3F5E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat3F5F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat400C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat42DE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat42EF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat42F0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat42F1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat42F2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4302.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat434F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4360.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4371.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4381.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4392.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat43A2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat43C3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat43D3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat46AA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat46D1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat49ED.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat49FD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat49FE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat49FF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4A00.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4A11.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4BD5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4BE1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4BE2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4BE6.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4C06.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4C36.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4EFF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4FA0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4FB0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4FC1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat4FC2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5359.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat53F5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat578E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat579F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat57A3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat57AF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat57CF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat57F0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat57F2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5800.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5811.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5854.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat58D2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5A15.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5A66.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5A67.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5A78.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5A89.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5AC8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5AD9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5ADA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5ADB.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5ADC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5B8B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5B9C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5B9D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5B9E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5BAE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5BAF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5BB0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5BB1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5DC8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5DC9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5DCA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5DDB.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5DDC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5DEC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5DED.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5E42.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5E67.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5E68.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5E69.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5E7A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5EB2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5FF0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5FF1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat5FF2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat61AD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat61AE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat644E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat656E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat656F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6580.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6581.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6582.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6583.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6593.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6594.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat66DD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6C42.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6C43.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6C53.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6C54.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6C55.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6C56.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6C67.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6C68.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6D25.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6D72.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat6D96.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat754E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat75D0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat79F2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7A03.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7B2F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7C2A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7C3B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7C5B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7C6B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7C7C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7C86.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7C8D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7CAD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7CBD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7CC0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7CD0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7CED.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7CFE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7D0E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7D1F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7D30.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7D40.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7DAC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7DBC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat7FE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8140.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8151.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8709.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat870A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat870B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat871C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat88B5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat88C5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat88D6.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat88D7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat88E7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat88E8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat88E9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat88FA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat890B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat890C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8C8A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8CB9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8D84.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8FD5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8FDB.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8FDC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8FDD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8FE6.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8FE7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8FE8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8FEE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8FEF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8FF8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat8FFF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9000.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9009.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat900A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9011.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat90A7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat90A8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat90B8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat90B9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat90DD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat910F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9110.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9120.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9121.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9122.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9123.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9134.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9135.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9136.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9147.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9148.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9149.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9159.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat915A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat915B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat915C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat915D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat916E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat916F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9170.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9171.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9172.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9173.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9183.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9184.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9185.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9186.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9197.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9A52.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9A57.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9A58.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9A59.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9A63.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9A64.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9A65.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9A6A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9A6B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9A76.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9A77.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9A78.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9AB7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9AB8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9AB9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9AC9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9AE9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9AEA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9AEB.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9AFC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9AFD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9B59.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9B5A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9B5B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9B6C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9B6D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9B6E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9B7F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9B80.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\dat9CC8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA048.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA12F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA130.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA141.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA142.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA191.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA192.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA1A2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA1A3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA1A4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA1DE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA1EF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA1F0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA1FE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA1FF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA210.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA220.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3AE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3AF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3B0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3BE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3BF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3C1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3C2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3C3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3C4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3D0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3E0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3E1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3F2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA3F3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA404.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA414.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datA45B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datACA7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datACB8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datACC8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datACC9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datACCA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datACDB.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datACDC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datACDD.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datAF7D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datAFDE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB0C9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB312.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB313.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB324.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB325.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB326.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB336.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB337.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB338.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB339.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB34A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB34B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB34C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB35C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB35D.tmp => Moved successfully.

Link to post
Share on other sites

part 4:

 

C:\Users\Sample\AppData\Local\Temp\datB35E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB35F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB370.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB371.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB372.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB373.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB374.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB385.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB386.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB387.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB388.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB389.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB38A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB38C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datB39A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datBCFA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datBD0B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datBD1B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datBDB8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datBDB9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datBDC5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datBDD5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datBDF5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datBE16.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC1BB.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC1BC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC1CC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC2A6.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC2A7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC49B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC4F4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC5EE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC5EF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC600.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC601.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC602.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC612.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC7E1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC7E2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC7F2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC7F3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC900.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC97A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC97B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC98C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datC9D9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datCAB0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datCF85.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datD3A4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datD3A5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDC6A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDC7B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDC7C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDC8C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDD1A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDD1B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDD1C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDD6.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDD68.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDD69.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDD6A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDD7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDE8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDF8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datDFB.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datE0C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datE310.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datE4D5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datE4F5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datE534.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datE5A3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEB95.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEBA6.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEBA7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEBA8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEBE5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEBF7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEBF8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEBF9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEBFA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEC0B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datECEF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datED5F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datED70.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datED71.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datED82.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datED83.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datED84.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datED94.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEE69.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEE6A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEE6B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datEE7B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF4BE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF4BF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF4C0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF4C1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF4D2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF4D3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF4D4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF4E5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF5F4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF5F5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF605.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF63D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF6B0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF6D0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF75E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datF77E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datFBE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datFC6E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datFD90.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datFD91.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datFD92.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\datFDB7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\fla4813.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\fla7309.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\fla8F25.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\flaC98.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\flaEC9D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\flaF35D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\flaFDA2.tmp => Moved successfully.
Could not move "C:\Users\Sample\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Sample\AppData\Local\Temp\FXVGC1B2.emf => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\G3PPC7LI.emf => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\G4KLH7X0.htm => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\GIZBAACZ.emf => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Guest.bmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\I0R57ERS.emf => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\installhelper.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\jar_cache2703635307253163277.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\jar_cache2709265806721568272.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\jar_cache5624618856703025390.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\jar_cache6066831178237396706.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\jar_cache8221769001571849427.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\JAUReg.log => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\java_install.log => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\java_install_reg.log => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\java_install_sp.log => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\jinstall.cfg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\juninstall_log.html => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\LKHQNA6R.emf => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\MSB1CACH.LEX => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\MSI8643e.LOG => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\MSI8643f.LOG => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\MSNE698.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\mssinstaller.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\nsb4933.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\nsjE17C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\nsm452D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\nsoA449.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\nstA727.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\nszE3AF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv175E.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv19F7.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv2272.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv3BAF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv3BB0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv4144.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv41E4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv41E5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv456.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv4BD5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv67BE.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv67BF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv82B9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv8585.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv8AD8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv8F87.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv8FC0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv8FC1.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocv962C.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvA094.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvA095.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvA1B2.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvA1B3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvA605.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvAC67.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvAC78.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvBA59.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvBA6A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvC4C5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvC8EC.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvC9E5.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvC9E6.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvF128.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvF5B8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvF9CF.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvF9D0.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ocvFD95.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\RD5B1A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Sample.bmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Searchqu.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\searchqutoolbar-manifest.xml => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Set6891.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Setup.log => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SetupDataMngr_Searchqu.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SRAssetsHelper.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\stubinstaller.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\TB_AF22.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\The_Weather_Channel_Application.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Tmp01.icc => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\tmp621D.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Uninstall_2014-06-03-15-58-09-108.log => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Upgrade_2014-06-03-15-58-09-030.log => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\VGXD480.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\VGXD684.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\VGXDCA8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\VGXDCA9.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\VTH45FA.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\VTH4B3A.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\VTHA71F.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\VTHBCC3.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\VTHBE4B.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\VTHBFB4.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\VTHC1C8.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\wajam_install.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\wcdinst.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\wcrldcsc.0.cs => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\wcrldcsc.cmdline => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\wcrldcsc.err => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\wcrldcsc.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\WERCE49.tmp.WERInternalMetadata.xml => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\wmsetup.log => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\y3usyhjq.out => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\y4tgswfs.out => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF009DDFE94928DBD6.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF01656F73899FA79F.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF01A311ED03F14D0A.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF0421CAE71768801F.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF058C53783B218A68.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF07B0D91B115F2987.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF08B23A89CA28BDFD.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF0C37AC7D3A93E657.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF0D51382D21915971.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF0D792C4F58F642E1.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF0F29353F09951302.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF129887ABFC694DDE.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF1589215153B21F05.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF182988BD7BB52774.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF1CE127429C88139B.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF2040A4141FEC8A1F.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF21CD46228DE9E059.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF253F88D844AB0727.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF26790713F672F0FD.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF269C5FAB80085E4B.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF279A075F91F59233.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF27E917FCA64AA3B6.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF28B241B8FD25C207.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF28F9811DA35B5E83.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF29A9CAE2CBD37F88.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF3224F5DC9BD4FF20.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF32FA060D91D7ACCF.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF33039FE16BA4B734.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF33408883B83F4FE3.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF3437168069031CBA.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF35F84BBF03C439C3.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF3779BFFADFCA92AD.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF388A0CA2B63DBAB6.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF39B561B17F5B7270.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF3AE83AB343698192.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF3B1A552BAD92B824.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF3D7380E4385B8867.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF40ED9CD43C2B0467.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF4276097AB88972E9.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF4470E4DE2CF3161C.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF45152F06510CC06C.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF45F4A2B24086C8F2.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF488150E14594BE6C.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF49BF33E42738D9F9.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF49E2E9601B885015.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF4B2F82A55450AA4F.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF4E3C248BAD12B992.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF4FADCE8D01A22026.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF4FE2FEEA4921F749.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF50FD9EE888B270D4.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF51767BC7F9E119F8.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF5577CC6B1680E9B2.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF58A3FDCFD3970A4D.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF5930BD0504ADFADE.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF5B1ECDEFD88362E9.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF5C9B8B7829BAD40F.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF5D521987DBDE8C2D.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF5D5FD224757D5362.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF60F7EE3417EDD811.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF61076F537061B02D.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF649D365DA5FFBD65.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF64E767155F2EC381.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF66CE2D30D2FD1811.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF6D3EA104A4BE4264.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF6E7BD71D80A0DBF6.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF6F04FDD58A63141B.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF6F85E55FAEBF682F.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF715E7DDB2C2A81E6.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF721BFB5B480ABEE1.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF7259BA3CD7244C4D.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF73E18AC0FEC46C1E.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF7460975D997C4163.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF74E3ECED3EDF9566.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF76C0D6355207B9BF.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF77A0C37086D24C7E.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF78046C4EAE76F086.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF781A5ECF37AED1C2.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF7CE45255F6252FFF.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF7CF90929478E9CFB.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF82467C5A2767743F.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF83A0352749AC9D6A.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF84B598FD24B86E24.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF8649978775A6C671.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF86981D1E32C9BD55.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF8F33B39AB4417CF1.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF90AE2A3454FEED25.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF912F288E602E8D90.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF92291C75B6DE1A88.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF9357B7EDDFFC76BD.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF93D7AFBCDF3AC0B6.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF9467F05AD592DEB4.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF979860D844052120.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF97F50E6375C05B99.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF981F40B3448312D4.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF98E96FA68F22E6BA.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF99BEE14F1510C0CD.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF9B91D4EF42CE4472.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF9BA34BC42CB92A76.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF9D54EFD4EFEE64AF.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF9EB1A8F1B45A6C88.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DF9F85F91E6391A1CC.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFA06793069045EA46.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFA094BC349BC22779.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFA1C6A32B04ACD3EB.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFA3794856DFBA9D0B.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFA4ADA6E7C2034F30.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFA64F5DEA61C7D314.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFAD541E053211C339.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFAE1D90BC47540ADC.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFAFA5940BC63039B4.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFAFBC4F6057136585.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFB0A893CC2D9E62E2.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFB0D8D1D12C8CE392.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFB308CE72DBFF0631.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFB9B232F1BDA9FC57.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFBA98F33BA8DFE87C.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFBB4F178E9BA162C5.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFBE1CD24599AE35D7.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFBE9484095A96A42E.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFC1D242399D52AAE5.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFC41CC71883CCA1BA.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFC5650BC7CDAA29F2.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFC5FDD07B446CCF0B.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFC60A63584938A15E.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFC92E02378A7621D0.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFC99CF0878B0F0468.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFD05E13E04F7953A3.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFD483394B5AA5D850.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFD85F3150227B8B5C.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFD9ABA2AAE68719E6.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFDAF12D93783DD112.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFDC3CCD726F8F61BD.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFDC81BAEF8CF48A5F.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFDCCDCC414F90751D.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFDE9E3DBE3846096D.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFE3118D7EB650989E.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFE47BBCFB64F3A93B.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFEB65E46632942BE5.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFED322A3DA68704BB.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFEE9EF0231DFD5819.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFEEBD79897068419A.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFEED827F38FD3BB73.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFEEF53447FA0637F3.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFF0F90EF5636A4D57.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFF1ADB53C3D360417.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFF51D696D8F236BA1.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFF567723419B13B64.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFF67D25DE731F8EDA.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFF7A01E091EF8A787.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFF90D760CF63C71A5.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFFB94F4D3E4959E67.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFFCEDFDF40F056A90.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFFE2B51C9CEE43D7B.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~DFFFBB5A103750F16E.TMP => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~tmf2352036831966432887.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~tmf2423890773195331471.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~tmf2486988866130683273.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~tmf3841102016472736942.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~tmf4277248289070831013.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~tmf4673586585511682392.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~tmf6380642436678383551.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~tmf7690108487963582011.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~tmf7698953334885546845.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~tmf8618734651838477077.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\~tmf8689546203881387204.tmp => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\11841648348@x86[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\132467453454[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\132467453454[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\160x600[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\2156[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\234x60_OT_3PicSwap_FemaleWinter_15s_130890_0113[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\234x60_OT_3PicSwap_FemaleWinter_15s_130890_0113[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\234x60_OT_3PicSwap_Women_purp_108129_0512[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\234x60_OT_3PicSwap_Women_purp_108129_0512[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\234x60_OT_Button_highlights_Meet50_womanYahoo_123488_1012[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\58616-2[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\58616-9[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\8223[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\admeld_sync[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\adServerESI[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\ajs[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\a_081610[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\ba[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\bc_2.0.5[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\beacon[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\cbcpc[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\cc[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\click[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\desktop.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\displayAd[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\dref=http%253A%252F%252Fwww.freeridegames.com%252Ftf%252Ftfbuster[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\fetch[10].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\fetch[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\fetch[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\fetch[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\fetch[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\fetch[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\fetch[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\fetch[7].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\fetch[8].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\fetch[9].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\freeridegames_direct[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\ga[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\get[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\get[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\glamadapt_jsrv[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\glamadapt_jsrv[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\glamadapt_jsrv[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\globalMacro[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\gplayer_api_defines[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\ibiview[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\ibiview[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\imp[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\imp[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\imp[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\index[10].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\index[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\index[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\index[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\index[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\index[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\index[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\index[7].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\index[8].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\index[9].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\j[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\j[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\j[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\j[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\j[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\LatestReaderManifest[1].msi => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\lgrt[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\lgrt[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\lgrt[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\loader-min[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\mainwindow[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\meld128[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\meld[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\meld[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\meld[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\pibiview[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\player[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\player[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\quant[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\receivethenpush[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\ron_freeridegames_player_atf;sz=160x600;ord=[timestamp][1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\rpc[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\rpc[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\rpc[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\rpc[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\rpc[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\rpc[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\rs[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\seg[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\skeleton[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\surly[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\swfobject[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\tagextensions_base[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\tags[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\tags[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\tag[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\ttj[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\verifyc[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\verifyc[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\visit[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\visit[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\ylc_1.9[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\yql[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZH1BOBDD\yui-min[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\11199036068@x86[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\11361204541@x90[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\11404993146@x86[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\132467453454[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\132467453454[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\160x600[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\234x60_OT_3PicSwap_FemaleWinter_15s_130890_0113[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\234x60_OT_3PicSwap_Women_purp_108129_0512[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\234x60_OT_3PicSwap_Women_purp_108129_0512[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\234x60_OT_3PicSwap_Women_purp_108129_0512[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\234x60_OT_3PicSwap_Women_purp_108129_0512[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\234x60_OT_Button_highlights_Meet50_womanYahoo_123488_1012[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\58616-2[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\58616-2[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\728x90[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\728x90[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\aceUAC[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\admeld-match[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\admeld_sync[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\ads[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\ads[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\am_js[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\at[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\beacon[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\callback=lglotame[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\ca[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\ca[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\ca[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\ca[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\click[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\combo[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\companions[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\desktop.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\fetch[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\fetch[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\fetch[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\fetch[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\fetch[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\fetch[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\fetch[7].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\fetch[8].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\freeridegames_direct[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\get[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\glamadapt_jsrv[10].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\glamadapt_jsrv[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\glamadapt_jsrv[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\glamadapt_jsrv[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\glamadapt_jsrv[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\glamadapt_jsrv[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\glamadapt_jsrv[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\glamadapt_jsrv[7].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\glamadapt_jsrv[8].js => Moved successfully.

Link to post
Share on other sites

part 5:

 

C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\glamadapt_jsrv[9].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\glam_comscore[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\ibiview[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\ibiview[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\ie7fix[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\imp[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\imp[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\imp[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\imp[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\imp[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\imp[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\imp[7].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\index[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\index[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\index[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\index[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\index[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\index[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\j[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\j[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\j[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\j[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\j[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\j[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\j[7].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\lgrt[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\lgrt[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\l[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\l[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\match[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\meld[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\monster_jdn_atlas[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\niftybase_20120727[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\pibiview[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\player[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\ptj[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\ros;sect=ros;mtfInline=true;sz=728x90;dcopt=ist;type=pop;tile=1;ord=2709655273902934[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\rpc[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\rpc[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\skinAds%253FadId%253DMG160x600Frame[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\SkinComMgr[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\st.beta[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\surly[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\ttj[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\usersync[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\util[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\viewChannelModule[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\viewChannelModule[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\yahoo-dom-event[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZESTVKOS\zxml[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\11359681533@x90[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\11606832914@x86[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\234x60_OT_3PicSwap_FemaleWinter_15s_130890_0113[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\234x60_OT_3PicSwap_FemaleWinter_15s_130890_0113[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\234x60_OT_3PicSwap_FemaleWinter_15s_130890_0113[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\234x60_OT_3PicSwap_Women_purp_108129_0512[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\234x60_OT_3PicSwap_Women_purp_108129_0512[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\234x60_OT_3PicSwap_Women_purp_108129_0512[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\234x60_OT_3PicSwap_Women_purp_108129_0512[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\234x60_OT_3PicSwap_Women_purp_108129_0512[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\728x90[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\adimage[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\admeld_sync[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\afe_specificclick_net[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\at[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\avs414[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\bsredirect5[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\bsredirect5[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\bsredirect5[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\callback=lglotame[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\callback=lglotame[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\ca[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\ca[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\ca[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\cc_af[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\clientad_rotator_090324[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\combo[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\combo[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\combo[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\desktop.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\dk[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\dk[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\dref=[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\dvtp_src[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\dvtp_src[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\dvtp_src[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\ebStdBannerEx[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\eolas[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\fetch[10].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\fetch[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\fetch[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\fetch[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\fetch[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\fetch[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\fetch[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\fetch[7].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\fetch[8].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\fetch[9].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\get[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\get[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\get[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\glamadapt_jsrv[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\glamadapt_jsrv[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\glamadapt_jsrv[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\glamadapt_jsrv[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\glamadapt_jsrv[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\glamadapt_jsrv[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\glamadapt_jsrv[7].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\glamadapt_jsrv[8].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\GlamSelectDefaultAds[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\gplayer_api[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\gr10-swfo22[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\gr10-swfo22_201105121000[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\imp[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\imp[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\index[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\index[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\index[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\index[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\index[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\index[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\index[7].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\index[8].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\index[9].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\jquery[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\j[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\j[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\j[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\j[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\lgrt[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\lgrt[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\lgrt[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\loader-min[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\meld[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\meld[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\meld[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\optn=64[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\optoutx[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\ph_14028561_hab_jollibee_lrec_exp_video_05mar2013[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\pibiview[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\quant[1].js => Moved successfully.
Could not move "C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\ron_freeridegames_atf;net=cm;u=,cm-21370102827_1348488065,12a1be8bd00a98a,ads,ax.60;sz=160x600;env=ifr;ord1=350829;cmw=owl;dcopt=ist;contx=ads;cmd=tag.admeld[1].js" => Scheduled to move on reboot.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\ron_freeridegames_atf;sz=160x600;ord=1348488064[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\rpc[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\rpc[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\rpc[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\skeleton[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\SkinComMgrProducer[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\slideview[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\slideview[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\swfobject[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\swfobject_2_2[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\tags[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\text_group[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\util[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\wrapper[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\234x60_OT_Button_highlights_Meet50_womanYahoo_123488_1012[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\234x60_OT_Button_highlights_Meet50_womanYahoo_123488_1012[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\234x60_OT_Button_highlights_Meet50_womanYahoo_123488_1012[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\546[2].js => Moved successfully.
Could not move "C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\A%25252F%25252F%25252FC%25253A%25252FProgram%25252520Files%25252520%2528x86%2529%25252FFantastiGames%25252FSkins%25252F000005%25252Fhtml%25252FSkin%25252FProvider%25252Fmg[1].js" => Scheduled to move on reboot.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\ad2[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\admeld_sync[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\at[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\at[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\bc_2.0.5[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\brightroll[1].bid => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\ca[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\cc[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\channels[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\channels[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\click[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\click[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\click[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\click[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\combo[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\combo[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\cookie[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\desktop.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\displayAd[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\display_ads[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\documentwrite[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\dvtp_src[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\dvtp_src[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\fetch[10].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\fetch[11].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\fetch[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\fetch[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\fetch[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\fetch[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\fetch[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\fetch[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\fetch[7].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\fetch[8].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\fetch[9].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\flashwrite_1_2[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\flash_inpage_rendering_lib_200_18[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\ga[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\get[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\glamadapt_jsrv[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\glamadapt_jsrv[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\imp[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\imp[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\imp[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\imp[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\imp[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\imp[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\imp[7].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\imp[8].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\index[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\index[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\index[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\index[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\index[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\index[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\index[7].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\index[8].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\jquery[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\j[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\j[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\j[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\j[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\j[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\j[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\lgrt[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\lgrt[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\lgrt[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\lgrt[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\lgrt[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\load[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\mainwindow[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\meld[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\meld[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\meld[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\meld[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\meld[5].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\meld[6].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\meld[7].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\oio[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\player[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\player[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\plcr_2466756_0_1361208613238[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\preroll.2.0[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\PreRollAdMgrProducer[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\prWriteCode[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\ptj[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\pubcode.min[1].js => Moved successfully.
Could not move "C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\reeridegames_player_atf;net=cm;u=,cm-21243477008_1357162635,12a1be8bd00a98a,games,ax.280;sz=160x600;env=ifr;ord1=723260;cmw=owl;dcopt=ist;contx=games;cmd=www.freeridegames[1].js" => Scheduled to move on reboot.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\ros;sect=ros;mtfInline=true;sz=160x600;tile=1;ord=9050081743069386[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\rpc[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\rpc[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\rpc[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\rpc[4].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\rs[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\rs[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\tags[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\ttj[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\ttj[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\ttj[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\upsell_conn_201010291509[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\usersync[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\verifyc[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\visit[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\visit[2].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\visit[3].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\yql[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\yui-min[1].js => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\TeamViewer\Version7\7.hta => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\TeamViewer\Version7\tvinfo.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\TCDC42.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\TCDAC66.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\TCD9AB0.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\TCD8EBA.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\TCD6E6D.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\TCD4B09.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\TCD3268.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\TCD300.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\TCD2E83.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_f7da800c-a6c8-447d-9258-9e6e73d3797c\DiagPackage.diagpkg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_f7da800c-a6c8-447d-9258-9e6e73d3797c\DiagPackage.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_f7da800c-a6c8-447d-9258-9e6e73d3797c\HTInteractiveRes.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_f7da800c-a6c8-447d-9258-9e6e73d3797c\InteractiveRes.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_f7da800c-a6c8-447d-9258-9e6e73d3797c\NetworkDiagnosticsResolve.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_f7da800c-a6c8-447d-9258-9e6e73d3797c\NetworkDiagnosticsTroubleshoot.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_f7da800c-a6c8-447d-9258-9e6e73d3797c\NetworkDiagnosticsVerify.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_f7da800c-a6c8-447d-9258-9e6e73d3797c\StartDPSService.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_f7da800c-a6c8-447d-9258-9e6e73d3797c\UtilityFirewall.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_f7da800c-a6c8-447d-9258-9e6e73d3797c\UtilityFunctions.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_f7da800c-a6c8-447d-9258-9e6e73d3797c\UtilitySetConstants.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_f7da800c-a6c8-447d-9258-9e6e73d3797c\result\results.xsl => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_f7da800c-a6c8-447d-9258-9e6e73d3797c\en-US\LocalizationData.psd1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_e9014143-5756-4b37-95f0-a835d6ddb316\DiagPackage.diagpkg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_e9014143-5756-4b37-95f0-a835d6ddb316\HTInteractiveRes.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_e9014143-5756-4b37-95f0-a835d6ddb316\InteractiveRes.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_e9014143-5756-4b37-95f0-a835d6ddb316\NetworkDiagnosticsResolve.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_e9014143-5756-4b37-95f0-a835d6ddb316\NetworkDiagnosticsTroubleshoot.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_e9014143-5756-4b37-95f0-a835d6ddb316\NetworkDiagnosticsVerify.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_e9014143-5756-4b37-95f0-a835d6ddb316\StartDPSService.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_e9014143-5756-4b37-95f0-a835d6ddb316\UtilityFirewall.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_e9014143-5756-4b37-95f0-a835d6ddb316\UtilityFunctions.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_e9014143-5756-4b37-95f0-a835d6ddb316\UtilitySetConstants.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_e9014143-5756-4b37-95f0-a835d6ddb316\en-US\LocalizationData.psd1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\CL_Utility.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\DiagPackage.diagpkg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\RS_AdminDiagnosticHistory.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\RS_MachineWERQueue.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\RS_RemoveShortcuts.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\RS_RemoveUnusedDesktopIcons.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\RS_SyncSystemTime.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\RS_UserDiagnosticHistory.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\RS_UserWERQueue.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\TS_BrokenShortcuts.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\TS_DiagnosticHistory.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\TS_InaccurateSystemTime.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\TS_UnusedDesktopIcons.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\TS_VolumeErrors.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\TS_WERQueue.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\result\results.xsl => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_bb3526af-e076-4cff-942b-0291e68d176f\en-US\CL_LocalizationData.psd1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\CL_Utility.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\DiagPackage.diagpkg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\RS_MultipleUsers.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\RS_PowerMode.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\RS_RemoveAllUsersStartupPrograms.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\RS_RemoveCurrentUserStartupPrograms.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\RS_StartSysMainService.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\RS_SwitchIntoDMA.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\RS_VisualEffects.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\TS_MultipleAntivirusProducts.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\TS_MultipleUsers.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\TS_PIOMode.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\TS_PowerMode.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\TS_SuperFetch.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\TS_TooManyStartupPrograms.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\TS_VisualEffects.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\result\results.xsl => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_83960419-64e0-4306-964d-9ff38ded02ae\en-US\CL_LocalizationData.psd1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_7836e7c7-ee11-48e3-a2ef-e18adf98a3ae\DiagPackage.diagpkg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_7836e7c7-ee11-48e3-a2ef-e18adf98a3ae\HTInteractiveRes.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_7836e7c7-ee11-48e3-a2ef-e18adf98a3ae\InteractiveRes.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_7836e7c7-ee11-48e3-a2ef-e18adf98a3ae\NetworkDiagnosticsResolve.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_7836e7c7-ee11-48e3-a2ef-e18adf98a3ae\NetworkDiagnosticsTroubleshoot.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_7836e7c7-ee11-48e3-a2ef-e18adf98a3ae\NetworkDiagnosticsVerify.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_7836e7c7-ee11-48e3-a2ef-e18adf98a3ae\StartDPSService.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_7836e7c7-ee11-48e3-a2ef-e18adf98a3ae\UtilityFirewall.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_7836e7c7-ee11-48e3-a2ef-e18adf98a3ae\UtilityFunctions.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_7836e7c7-ee11-48e3-a2ef-e18adf98a3ae\UtilitySetConstants.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_7836e7c7-ee11-48e3-a2ef-e18adf98a3ae\result\results.xsl => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_7836e7c7-ee11-48e3-a2ef-e18adf98a3ae\en-US\DiagPackage.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_7836e7c7-ee11-48e3-a2ef-e18adf98a3ae\en-US\LocalizationData.psd1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_31e023a1-8a0a-4864-85d2-72800c81e297\DiagPackage.diagpkg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_31e023a1-8a0a-4864-85d2-72800c81e297\HTInteractiveRes.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_31e023a1-8a0a-4864-85d2-72800c81e297\InteractiveRes.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_31e023a1-8a0a-4864-85d2-72800c81e297\NetworkDiagnosticsResolve.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_31e023a1-8a0a-4864-85d2-72800c81e297\NetworkDiagnosticsTroubleshoot.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_31e023a1-8a0a-4864-85d2-72800c81e297\NetworkDiagnosticsVerify.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_31e023a1-8a0a-4864-85d2-72800c81e297\StartDPSService.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_31e023a1-8a0a-4864-85d2-72800c81e297\UtilityFirewall.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_31e023a1-8a0a-4864-85d2-72800c81e297\UtilityFunctions.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_31e023a1-8a0a-4864-85d2-72800c81e297\UtilitySetConstants.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_31e023a1-8a0a-4864-85d2-72800c81e297\result\results.xsl => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_31e023a1-8a0a-4864-85d2-72800c81e297\en-US\LocalizationData.psd1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\CL_Utility.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\DiagPackage.diagpkg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\RS_AdminDiagnosticHistory.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\RS_MachineWERQueue.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\RS_RemoveShortcuts.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\RS_RemoveUnusedDesktopIcons.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\RS_SyncSystemTime.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\RS_UserDiagnosticHistory.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\RS_UserWERQueue.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\TS_BrokenShortcuts.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\TS_DiagnosticHistory.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\TS_InaccurateSystemTime.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\TS_UnusedDesktopIcons.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\TS_VolumeErrors.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\TS_WERQueue.ps1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\result\results.xsl => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\SDIAG_29e6096e-ec9e-4ff5-9070-2e711d6131fb\en-US\CL_LocalizationData.psd1 => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Produtools_Manuals_2.1\nsjE17C.tbPro2.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Produtools_Manuals_2.1\nsm452D.tbPro0.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Produtools_Manuals_2.1\nsoA449.tbPro0.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\nspAB1F.tmp\zplugins.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\nsn6211.tmp\System.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\nskD0C4.tmp\System.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\nskD0C4.tmp\zplugins.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\MUI\ib.lnk => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\MUI\OLYMPUS ib\ib Help.lnk => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\MUI\OLYMPUS ib\ib Readme.lnk => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\MUI\OLYMPUS ib\ib.lnk => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\msohtmlclip1\01\clip_colorschememapping.xml => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\msohtmlclip1\01\clip_themedata.thmx => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\IQLJ7HQ9\desktop.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4X6KIS0B\desktop.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3QVOXQCR\desktop.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\29LLIZUL\desktop.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Low\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\1044521320.cfg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\1107084736.cfg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\1347817100.cfg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\1349446289.cfg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\1680625080.cfg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\2051841183.cfg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\264325618.cfg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\397292075.cfg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\508001216.cfg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\56054429.cfg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\695518566.cfg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\724696389.cfg => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\distro-amzn-ironsource-rs.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\PCFixSpeedSetup.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\Strongvault.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\is202948896\wajam_download.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\InstallHelp\SecurityScanner32.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ib\432daf96-57d5-4158-8a26-ba0f8451ed14.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\Exent\GI20140603204841GMT.Log => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ckz_80B3\MALiteSetup.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ckz_80B3\Runit.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\ckz_80B3\Runit\Release\Runit.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\APNLogs\iw.log => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\APN\ReportingData.dat => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\CbsProvider.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\CompatProvider.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\DismCore.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\DismCorePS.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\DismHost.exe => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\DismProv.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\DmiProvider.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\FolderProvider.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\IntlProvider.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\LogProvider.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\MsiProvider.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\OSProvider.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\SmiProvider.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\TransmogProvider.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\UnattendProvider.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\wdscore.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\WimProvider.dll => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\CbsProvider.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\CompatProvider.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\DismCore.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\DismProv.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\DmiProvider.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\FolderProvider.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\IntlProvider.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\LogProvider.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\MsiProvider.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\OSProvider.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\SmiProvider.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\TransmogProvider.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\UnattendProvider.dll.mui => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\45064307-E76C-4209-BA80-7DEA28EF4D25\en-US\WimProvider.dll.mui => Moved successfully.
Could not move "C:\Users\Sample\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-03 16:28:29)<=

C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
C:\Users\Sample\AppData\Local\Temp\AdobeARM.log => Is moved successfully.
C:\Users\Sample\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TBAYMX5Z\ron_freeridegames_atf;net=cm;u=,cm-21370102827_1348488065,12a1be8bd00a98a,ads,ax.60;sz=160x600;env=ifr;ord1=350829;cmw=owl;dcopt=ist;contx=ads;cmd=tag.admeld[1].js => Is moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\A%25252F%25252F%25252FC%25253A%25252FProgram%25252520Files%25252520%2528x86%2529%25252FFantastiGames%25252FSkins%25252F000005%25252Fhtml%25252FSkin%25252FProvider%25252Fmg[1].js => Is moved successfully.
C:\Users\Sample\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OVONLTEI\reeridegames_player_atf;net=cm;u=,cm-21243477008_1357162635,12a1be8bd00a98a,games,ax.280;sz=160x600;env=ifr;ord1=723260;cmw=owl;dcopt=ist;contx=games;cmd=www.freeridegames[1].js => Is moved successfully.
C:\Users\Sample\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====

 

That's pretty neat! I think I see how it works. Basically the first file tells you what and where all of the problems are.  Then the second file corresponds to the first to find and remove the problems right?  Virus removal techniques intrigues me at times so hopefully one day I can understand how all of this works so I can do it myself.

Link to post
Share on other sites

Hello,

 

 

Bad news about the rest of our stuff being compromised... Hopefully it hasn't reached that point.  Whether it has or hasn't what can we do as a preliminary option?

 

I can't be sure in that, but it's quite possible. How many computers are connected in the network? Do they have the same symptoms as yours (unable to download anything, did Malwarebytes detect anything so far etc)?

 

That's pretty neat! I think I see how it works. Basically the first file tells you what and where all of the problems are.  Then the second file corresponds to the first to find and remove the problems right?  Virus removal techniques intrigues me at times so hopefully one day I can understand how all of this works so I can do it myself.

 

That's correct.

The logic here is that the most of the scanners use definitions to automatically detect and clean threats and that's why they could easily miss malware because of this. The tools we use help us determine the malware load points so we can detect malware without the need for definitions. smile.png Check these tutorials:

 

http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

http://www.geekstogo.com/forum/topic/277391-otl-tutorial-how-to-use-oldtimer-listit/

 

However if you prefer to attempt to clean the computer yourself in the future then check the common startup points for signs of the infection. it takes a trained eye to catch the offending code. It all depends from the good research (Google is your best friend if you know how to use it), also many practice exercises, a good knowledge of each operating system is necessary to work with them, knowing the registry etc. This task is best performed by experienced users so I strongly advise you to Back up the registry before beginning in case you delete or change legitimate settings by mistake.

A few good tutorials can be found here:

 

http://www.youtube.com/watch?v=LGBA46y49YU
http://www.youtube.com/watch?v=jBrzrFh9dxs

 

Note: Keep in mind that the most of the tools used in the tutorials like TDSSKiller or Combofix are very powerful and they should be used under the guidance and supervision of an expert because you can render your computer unbootable when used incorrectly...

 

If you wish to learn how to fight malware properly then I suggest you check the malware removal training programs

 

http://www.bleepingcomputer.com/forums/t/532535/malware-removal-training-program/

http://www.techsupportforum.com/forums/f50/please-read-before-applying-to-join-the-academy-294775.html

http://www.geekstogo.com/geeku/

http://www.spywareinfoforum.com/topic/34-the-boot-camp-here-anti-malware-training/

 

etc...

 

Ok...I forgot to ask you to uninstall the following application as well:

 

Produtools Manuals 2.1 Toolbar (if present in the Control Panel).

 

Next please run a new scan with FRST and post back the results. (Make sure that Addition.txt is checked before you proceed with the scan).

 

 

Regards,

Georgi

Link to post
Share on other sites

Cool thanks for all the info!  Whenever I get time I'll read it over.  We have about 10 on the network.  Oh by the way I forgot to mention that I couldn't delete Yontoo 1.10.03.   An error box occurs saying "Setup initialization error" when I tried to delete it the way you told me to.  I assume i have to have Yontoo deleted as well as Produtools Manuals 2.1 Toolbar before I proceed to scan again right?  I also just tried to delete Produtools but it wouldn't delete either.  No error messages though. Any other delete options before I scan or should I just leave it as is?

 

Also an error box appears at startup saying "There was a problem starting C:\ProgramData\convures64.dll. The specified module could not be found."  Could've been the result of choosing to remove the virus using ESET i don't know.  Any thoughts?

Link to post
Share on other sites

Hello,

 

We have about 10 on the network.

 

Once we are done here you can run a scan with FRST on every 10 computers, zip the logs and send them to me via PM if you want to check them for sign of ZeroAccess if needed.
 

 

Oh by the way I forgot to mention that I couldn't delete Yontoo 1.10.03.   An error box occurs saying "Setup initialization error" when I tried to delete it the way you told me to.  I assume i have to have Yontoo deleted as well as Produtools Manuals 2.1 Toolbar before I proceed to scan again right?

 

Try to uninstall them using the following MSFixit. If unsuccessful then use Revo Uninstaller instead:

 

Please download and install Revo Uninstaller 1.95.
Then please run Revo Uninstaller and select Yontoo 1.10.03.
Please click Uninstall icon to uninstall the selected program.
Please choose Advanced.
Then click Next and follow the prompts.
Please click Select All and Delete to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so.

Repeat the steps for Produtools Manuals 2.1 Toolbar
Let me know about the results.

 

Also an error box appears at startup saying "There was a problem starting C:\ProgramData\convures64.dll. The specified module could not be found."  Could've been the result of choosing to remove the virus using ESET i don't know.  Any thoughts?

 

This is odd because I removed the registry references already related to this entry:

 

HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [ddodated] => rundll32 "C:\ProgramData\convures64.dll",CreateProcessNotify

 

HKU\S-1-5-21-1455662546-804498140-2904831263-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ddodated => Value deleted successfully.
"C:\ProgramData\convures64.dll" => File/Directory not found.

 

Anyway...when you post a fresh log from FRST this will bring some light on the issue. :)

 

 

Regards,

Georgi

Link to post
Share on other sites

Ok I guess Yontoo is gone... It's kind of weird because it's still on his computer by name only in Control Panel, but everywhere I looked, even tracing back to its original file location, it's not there.  Produtools was successfully removed by Revo.  Yontoo didn't even show up on Revo nor any of his browsers (IE & Firefox). I did look up how to remove Yontoo but again since it's not showing up on his computer I couldn't do anything with it. 

 

Side note, a good sign is that I was able to download Firefox, Malwarebytes and CCleaner from IE.  Before I couldn't download a thing!  At any rate, I don't like the fact that although it may be "gone" its still there by name.  I don't want it to somehow regenerate itself.

 

Anyways here are the FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Sample (administrator) on SAMPLE-PC on 06-06-2014 12:56:36
Running from C:\Users\Sample\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\ib\olycamdetect.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2011-05-21] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1119392 2011-05-21] (Trend Micro Inc.)
HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [Olympus ib] => C:\Program Files (x86)\Olympus\ib\olycamdetect.exe [96128 2012-02-02] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe [223104 2011-08-30] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1455662546-804498140-2904831263-1000\...\MountPoints2: {b43858aa-ad29-11e2-99df-d067e5281020} - G:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x37BBF6C5AD81CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - No Name - !{07189b84-b33b-4a1e-9b32-ad203c983c20} -  No File
Toolbar: HKLM - No Name - !{0b84b4b4-8af8-4f1f-91fe-074a666f6425} -  No File
Toolbar: HKLM - No Name - !{348bd83c-b2cd-4319-a605-c96bb458dd80} -  No File
Toolbar: HKLM - No Name - !{364ea597-e728-4ce4-bb4a-ed846ef47970} -  No File
Toolbar: HKLM - No Name - !{8f61e414-ea79-4559-8bb6-61d956f70306} -  No File
Toolbar: HKLM - No Name - !{acf7da4c-eeb2-484a-a3a1-303d4054d50c} -  No File
Toolbar: HKLM - No Name - !{C80BDEB2-8735-44C6-BD55-A1CCD555667A} -  No File
Toolbar: HKLM - No Name - !{cf67755f-9265-449c-87cf-b945519e073b} -  No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - !{07189b84-b33b-4a1e-9b32-ad203c983c20} -  No File
Toolbar: HKLM-x32 - No Name - !{0b84b4b4-8af8-4f1f-91fe-074a666f6425} -  No File
Toolbar: HKLM-x32 - No Name - !{348bd83c-b2cd-4319-a605-c96bb458dd80} -  No File
Toolbar: HKLM-x32 - No Name - !{364ea597-e728-4ce4-bb4a-ed846ef47970} -  No File
Toolbar: HKLM-x32 - No Name - !{8f61e414-ea79-4559-8bb6-61d956f70306} -  No File
Toolbar: HKLM-x32 - No Name - !{acf7da4c-eeb2-484a-a3a1-303d4054d50c} -  No File
Toolbar: HKLM-x32 - No Name - !{C80BDEB2-8735-44C6-BD55-A1CCD555667A} -  No File
Toolbar: HKLM-x32 - No Name - !{cf67755f-9265-449c-87cf-b945519e073b} -  No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Sample\AppData\Roaming\Mozilla\Firefox\Profiles\dv5em2u2.default-1402076494319
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\ []

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-06 12:56 - 2014-06-06 12:56 - 00016490 _____ () C:\Users\Sample\Downloads\FRST.txt
2014-06-06 12:55 - 2014-06-06 12:55 - 02072576 _____ (Farbar) C:\Users\Sample\Downloads\FRST64.exe
2014-06-06 12:41 - 2014-06-06 12:41 - 00000000 ____D () C:\Users\Sample\Desktop\Old Firefox Data
2014-06-06 11:55 - 2014-06-06 11:55 - 00001266 _____ () C:\Users\Sample\Desktop\Revo Uninstaller.lnk
2014-06-06 11:55 - 2014-06-06 11:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-06 11:54 - 2014-06-06 11:56 - 00000134 _____ () C:\Users\Sample\Desktop\Microsoft Fix it.url
2014-06-06 11:54 - 2014-06-06 11:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sample\Downloads\revosetup.exe
2014-06-06 11:54 - 2014-06-06 11:54 - 00347816 _____ (Microsoft Corporation) C:\Users\Sample\Downloads\MicrosoftFixit.WinFileFolder.FISC.12325504090395883.2.1.Run.exe
2014-06-06 11:48 - 2014-06-06 11:48 - 00347816 _____ (Microsoft Corporation) C:\Users\Sample\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.12325504090395883.1.1.Run.exe
2014-06-04 16:07 - 2014-06-05 14:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 16:07 - 2014-06-04 16:07 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-04 16:07 - 2014-06-04 16:07 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-04 16:07 - 2014-06-04 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-04 16:07 - 2014-06-04 16:07 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-04 16:03 - 2014-06-04 16:05 - 04748896 _____ (Piriform Ltd) C:\Users\Sample\Downloads\ccsetup414.exe
2014-06-04 16:03 - 2014-06-04 16:03 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 16:03 - 2014-06-04 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 16:03 - 2014-06-04 16:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 16:03 - 2014-06-04 16:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 16:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 16:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-04 16:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-04 16:02 - 2014-06-04 16:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sample\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 15:57 - 2014-06-04 15:58 - 00000000 ____D () C:\Users\Sample\AppData\Local\Mozilla
2014-06-04 15:57 - 2014-06-04 15:57 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-04 15:57 - 2014-06-04 15:57 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-04 15:57 - 2014-06-04 15:57 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-04 15:57 - 2014-06-04 15:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 16:43 - 2014-06-06 12:56 - 00000000 ____D () C:\Users\Sample\AppData\Local\Temp
2014-06-03 16:25 - 2014-06-03 16:17 - 00027137 _____ () C:\Users\Sample\Desktop\fixlist.txt
2014-06-03 15:49 - 2014-06-03 15:49 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-02 11:29 - 2014-06-06 12:56 - 00000000 ____D () C:\FRST
2014-05-28 16:08 - 2014-05-28 16:09 - 00000000 ____D () C:\Users\Sample\Desktop\Removable Disk
2014-05-28 15:21 - 2014-05-28 15:21 - 00008472 _____ () C:\Users\Sample\Documents\eset scan results.txt
2014-05-28 14:22 - 2014-05-28 14:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-27 07:44 - 2014-05-27 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-27 07:44 - 2014-05-27 07:44 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-22 08:12 - 2014-05-27 13:52 - 00013660 _____ () C:\Users\Sample\Documents\Internal Audit Schedule (2)1.xlsx
2014-05-15 07:53 - 2014-05-15 07:53 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Oracle
2014-05-15 07:49 - 2014-05-15 07:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-15 07:48 - 2014-05-15 07:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-15 07:48 - 2014-05-15 07:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-15 07:48 - 2014-05-15 07:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-15 07:48 - 2014-05-15 07:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-15 07:48 - 2014-05-15 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-15 07:48 - 2014-05-15 07:48 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-05-15 07:48 - 2014-05-15 07:48 - 00000000 ____D () C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

2014-06-06 12:56 - 2014-06-06 12:56 - 00016490 _____ () C:\Users\Sample\Downloads\FRST.txt
2014-06-06 12:56 - 2014-06-03 16:43 - 00000000 ____D () C:\Users\Sample\AppData\Local\Temp
2014-06-06 12:56 - 2014-06-02 11:29 - 00000000 ____D () C:\FRST
2014-06-06 12:55 - 2014-06-06 12:55 - 02072576 _____ (Farbar) C:\Users\Sample\Downloads\FRST64.exe
2014-06-06 12:47 - 2012-04-05 15:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 12:41 - 2014-06-06 12:41 - 00000000 ____D () C:\Users\Sample\Desktop\Old Firefox Data
2014-06-06 12:36 - 2012-04-02 15:23 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{227FD765-263C-480D-80E1-CD61222B9105}
2014-06-06 12:23 - 2012-04-12 09:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 11:56 - 2014-06-06 11:54 - 00000134 _____ () C:\Users\Sample\Desktop\Microsoft Fix it.url
2014-06-06 11:55 - 2014-06-06 11:55 - 00001266 _____ () C:\Users\Sample\Desktop\Revo Uninstaller.lnk
2014-06-06 11:55 - 2014-06-06 11:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-06 11:54 - 2014-06-06 11:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sample\Downloads\revosetup.exe
2014-06-06 11:54 - 2014-06-06 11:54 - 00347816 _____ (Microsoft Corporation) C:\Users\Sample\Downloads\MicrosoftFixit.WinFileFolder.FISC.12325504090395883.2.1.Run.exe
2014-06-06 11:48 - 2014-06-06 11:48 - 00347816 _____ (Microsoft Corporation) C:\Users\Sample\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.12325504090395883.1.1.Run.exe
2014-06-06 08:10 - 2012-04-05 15:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 14:07 - 2014-06-04 16:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 14:06 - 2012-02-03 10:34 - 00000000 ____D () C:\ProgramData\Kodak
2014-06-04 16:15 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 16:15 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 16:12 - 2009-07-14 00:13 - 00794278 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 16:09 - 2012-01-06 11:21 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-06-04 16:09 - 2012-01-06 11:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-06-04 16:09 - 2012-01-06 10:57 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-06-04 16:08 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 16:08 - 2009-07-13 23:51 - 00070866 _____ () C:\Windows\setupact.log
2014-06-04 16:07 - 2014-06-04 16:07 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-04 16:07 - 2014-06-04 16:07 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-04 16:07 - 2014-06-04 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-04 16:07 - 2014-06-04 16:07 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-04 16:05 - 2014-06-04 16:03 - 04748896 _____ (Piriform Ltd) C:\Users\Sample\Downloads\ccsetup414.exe
2014-06-04 16:03 - 2014-06-04 16:03 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 16:03 - 2014-06-04 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 16:03 - 2014-06-04 16:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 16:03 - 2014-06-04 16:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 16:02 - 2014-06-04 16:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sample\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 15:58 - 2014-06-04 15:57 - 00000000 ____D () C:\Users\Sample\AppData\Local\Mozilla
2014-06-04 15:58 - 2012-02-03 10:36 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Mozilla
2014-06-04 15:57 - 2014-06-04 15:57 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-04 15:57 - 2014-06-04 15:57 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-04 15:57 - 2014-06-04 15:57 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-04 15:57 - 2014-06-04 15:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-04 15:57 - 2012-12-11 12:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 16:27 - 2010-11-20 22:47 - 00576406 _____ () C:\Windows\PFRO.log
2014-06-03 16:17 - 2014-06-03 16:25 - 00027137 _____ () C:\Users\Sample\Desktop\fixlist.txt
2014-06-03 16:06 - 2013-01-31 19:17 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-06-03 16:06 - 2012-01-06 10:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-03 15:58 - 2013-02-14 08:27 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-06-03 15:58 - 2013-02-14 08:27 - 00000000 __SHD () C:\AI_RecycleBin
2014-06-03 15:58 - 2013-02-14 08:27 - 00000000 ____D () C:\ProgramData\Strongvault Online Backup
2014-06-03 15:57 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 15:52 - 2013-09-23 08:22 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
2014-06-03 15:50 - 2012-08-18 15:36 - 00000000 ____D () C:\Firefox
2014-06-03 15:49 - 2014-06-03 15:49 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-28 16:09 - 2014-05-28 16:08 - 00000000 ____D () C:\Users\Sample\Desktop\Removable Disk
2014-05-28 15:21 - 2014-05-28 15:21 - 00008472 _____ () C:\Users\Sample\Documents\eset scan results.txt
2014-05-28 14:22 - 2014-05-28 14:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-27 13:52 - 2014-05-22 08:12 - 00013660 _____ () C:\Users\Sample\Documents\Internal Audit Schedule (2)1.xlsx
2014-05-27 13:51 - 2013-07-02 13:06 - 00030208 _____ () C:\Users\Sample\Documents\NCRLOG.xls
2014-05-27 07:44 - 2014-05-27 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-27 07:44 - 2014-05-27 07:44 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-15 13:58 - 2012-02-03 10:33 - 00000000 ____D () C:\Users\Sample\AppData\Local\VirtualStore
2014-05-15 07:53 - 2014-05-15 07:53 - 00000000 ____D () C:\Users\Sample\AppData\Roaming\Oracle
2014-05-15 07:49 - 2014-05-15 07:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-15 07:48 - 2014-05-15 07:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-15 07:48 - 2014-05-15 07:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-15 07:48 - 2014-05-15 07:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-15 07:48 - 2014-05-15 07:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-15 07:48 - 2014-05-15 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-15 07:48 - 2014-05-15 07:48 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-05-15 07:48 - 2014-05-15 07:48 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-14 10:26 - 2012-04-12 09:23 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 10:26 - 2012-04-12 09:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 10:26 - 2012-01-06 10:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 07:26 - 2014-06-04 16:03 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-04 16:03 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-04 16:03 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 08:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-08 07:42 - 2012-04-05 15:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 07:42 - 2012-04-05 15:24 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 09:02

==================== End Of Log ============================

Link to post
Share on other sites

Now here are the Addition.txt results:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by Sample at 2014-06-06 12:56:49
Running from C:\Users\Sample\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Titanium Internet Security (Disabled - Out of date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium Internet Security (Disabled - Out of date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden
Antique Shop (HKLM-x32\...\exent_645050) (Version:  - )
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Cabos (HKLM-x32\...\{D27928E5-C1A2-47B1-9834-6191D3AC34CE}) (Version: 0.8.2 - heavy_baby)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2433A103-9EC3-49EA-9AD1-58A35F27EE56}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4413.1752 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Graboid Video 3.11 (HKLM-x32\...\Graboid Video) (Version: 3.11 - Graboid Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.3.4.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.3.8.20 - Eastman Kodak Company)
LUXOR - 5th Passage (HKLM-x32\...\exent_710650) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6308.28 - PC-Doctor, Inc.)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OLYMPUS Digital Camera Updater (HKLM-x32\...\{A68C62E8-B243-4777-89BB-12173DFA1D45}) (Version: 1.0.1 - OLYMPUS IMAGING CORP.)
Olympus ib (HKLM-x32\...\InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}) (Version: 1.3.2207 - OLYMPUS IMAGING CORP.)
Olympus ib (x32 Version: 1.3.2207 - OLYMPUS IMAGING CORP.) Hidden
OLYMPUS Viewer 2 (HKLM-x32\...\{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}) (Version: 1.1.1 - OLYMPUS IMAGING CORP.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rhinoceros 4.0 SR6 (HKLM-x32\...\{6B9DD988-5ECB-4623-BBFF-8A8F2DA3ED16}) (Version: 4.0.40709 - Robert McNeel & Associates)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12541 - TeamViewer)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.1 - Trend Micro Inc.)
Trend Micro Titanium Internet Security (Version: 3.00 - Trend Micro Inc.) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{97C39B81-3054-4AB4-B11D-A656DE619982}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{150A0FF0-AF69-4132-BD93-1E34F63FC8A3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{24BD08F8-FF6E-4DD8-BE49-3659AE78A819}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Video Converter (HKCU\...\Video Converter) (Version:  - )
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yontoo 1.10.03 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.03 - Yontoo LLC) <==== ATTENTION

==================== Restore Points  =========================

17-04-2014 15:01:47 Scheduled Checkpoint
25-04-2014 14:30:57 Scheduled Checkpoint
05-05-2014 16:50:23 Scheduled Checkpoint
13-05-2014 19:36:04 Scheduled Checkpoint
15-05-2014 12:47:30 Removed Java 6 Update 34
15-05-2014 12:48:03 Installed Java 7 Update 55
22-05-2014 16:21:14 Scheduled Checkpoint
30-05-2014 13:25:47 Scheduled Checkpoint
06-06-2014 16:59:13 Revo Uninstaller's restore point - Produtools Manuals 2.1 Toolbar

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1F203423-4DD1-47D0-BE6D-FF4D1C8572D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {4A4A7ED1-B62A-472E-8135-FB44FB7DBF77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-05] (Google Inc.)
Task: {801972BA-0CA3-4971-94D7-D3007BC09680} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-05] (Google Inc.)
Task: {B0101EAA-3149-44DC-85BF-C750923FA248} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {C5075548-0749-4741-ABF1-A5AB218A6A2A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {E7572864-D131-4A26-8E2C-C56B6DBFB198} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {EF70A479-8F6C-4293-B5B3-34654C045E38} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-06 11:18 - 2011-05-21 03:01 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2012-01-06 11:18 - 2011-05-21 03:01 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2012-01-06 11:18 - 2011-05-21 03:01 - 00731136 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2012-01-06 12:25 - 2011-05-21 02:45 - 00288864 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2012-01-06 12:07 - 2011-01-27 10:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-06 10:58 - 2011-09-22 11:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2013-01-31 19:19 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-11-12 11:04 - 2013-11-12 11:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-01-06 12:25 - 2011-05-21 02:45 - 00049152 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll
2012-01-06 12:25 - 2011-05-21 02:45 - 00057344 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll
2014-06-04 15:57 - 2014-05-06 21:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2014 08:03:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/05/2014 02:56:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/04/2014 04:10:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 00:55:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/04/2014 00:46:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.2.183.21, time stamp: 0x4b95e661
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0xc0
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (06/03/2014 04:28:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 04:07:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 03:42:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 11:20:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/02/2014 03:02:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16686, time stamp: 0x5205a143
Exception code: 0xc0000005
Fault offset: 0x00279711
Faulting process id: 0x28c0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (06/04/2014 04:09:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/04/2014 04:09:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/04/2014 04:08:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/04/2014 00:33:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (06/03/2014 04:29:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/03/2014 04:28:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/03/2014 04:28:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/03/2014 04:27:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/03/2014 04:12:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/03/2014 04:06:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (06/06/2014 08:03:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/05/2014 02:56:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/04/2014 04:10:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 00:55:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/04/2014 00:46:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.2.183.214b95e661ntdll.dll6.1.7601.1822951fb1072c0000005000223e0c001cf801b159de78dC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll301cc334-ec10-11e3-b862-d067e5281020

Error: (06/03/2014 04:28:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 04:07:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 03:42:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 11:20:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/02/2014 03:02:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.166865205a143c00000050027971128c001cf7e9cc6136ee3C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dllda3f2886-ea90-11e3-a080-d067e5281020


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 4008.63 MB
Available physical RAM: 2383.32 MB
Total Pagefile: 8015.44 MB
Available Pagefile: 5891.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.57 GB) (Free:393.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 7859923F)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Let me know what you come up with.  I'm here for another 3 hours so if you reply anytime after that I won't be able to get to his computer until Monday since we're closed on weekends.  Thanks!

Link to post
Share on other sites

Hello,
 

Ok I guess Yontoo is gone... It's kind of weird because it's still on his computer by name only in Control Panel, but everywhere I looked, even tracing back to its original file location, it's not there.

That's not a problem. I guess that the uninstaller didn't remove the registry entry under the key -  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
We can fix that.

 

 

Please download search.pngSystemLook_x64.exe and save it to your desktop.

  • Double-click SystemLook_x64.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:folderfind
Yontoo
:regfind
Yontoo
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Also go ahead and uninstall the following applications as well:

ESET Online Scanner v3
McAfee Security Scan Plus
Google Toolbar for Internet Explorer
Mozilla Maintenance Service

 

Next we need to remove a few remnants left in the registry by uninstalled toolbars:

 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi

Link to post
Share on other sites

Ok here we go:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 11:37 on 09/06/2014 by Sample
Administrator - Elevation successful

========== folderfind ==========

Searching for "Yontoo"
C:\FRST\Quarantine\C\Program Files (x86)\Yontoo    d------    [13:27 14/02/2013]

========== regfind ==========

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
@="YontooIEClient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0]
@="YontooIEClient 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32]
@="C:\Program Files (x86)\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR]
@="C:\Program Files (x86)\Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32]
@="C:\Program Files (x86)\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
@="Yontoo Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32]
@="C:\Program Files (x86)\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID]
@="YontooIEClient.Api.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\VersionIndependentProgID]
@="YontooIEClient.Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
@="Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ProgID]
@="YontooIEClient.Layers.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\VersionIndependentProgID]
@="YontooIEClient.Layers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\defaultEnableAppsList]
@="DropDownDeals,buzzdock,YontooNewOffers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
@="YontooIEClient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0]
@="YontooIEClient 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32]
@="C:\Program Files (x86)\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR]
@="C:\Program Files (x86)\Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]
@="Yontoo Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api\CurVer]
@="YontooIEClient.Api.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
@="Yontoo Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers]
@="Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers\CurVer]
@="YontooIEClient.Layers.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
@="Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"InstallLocation"="C:\Program Files (x86)\Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"DisplayName"="Yontoo 1.10.03"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"Publisher"="Yontoo LLC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"URLInfoAbout"="http://www.yontoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"Contact"="support@yontoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{361E80BE-388B-4270-BF54-A10C2B756504}]
"TizPath"="C:\Users\Sample\AppData\Local\Temp\IS2029~1\yontoo-C4.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
@="Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"TizPath"="C:\Users\Sample\AppData\Local\Temp\6E25F9FF\YontooSetup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\yontoo-C4-1E50_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\yontoo-C4-1E50_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-1C10_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-1C10_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32]
@="C:\Program Files (x86)\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
@="Yontoo Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32]
@="C:\Program Files (x86)\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID]
@="YontooIEClient.Api.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\VersionIndependentProgID]
@="YontooIEClient.Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
@="Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ProgID]
@="YontooIEClient.Layers.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\VersionIndependentProgID]
@="YontooIEClient.Layers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\defaultEnableAppsList]
@="DropDownDeals,buzzdock,YontooNewOffers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\YontooIEClient.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
@="YontooIEClient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0]
@="YontooIEClient 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32]
@="C:\Program Files (x86)\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR]
@="C:\Program Files (x86)\Yontoo"

-= EOF =-

 

Here's the fixlog file:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-06-2014 02
Ran by Sample at 2014-06-09 13:44:31 Run:2
Running from C:\Users\Sample\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
Toolbar: HKLM - No Name - !{07189b84-b33b-4a1e-9b32-ad203c983c20} -  No File
Toolbar: HKLM - No Name - !{0b84b4b4-8af8-4f1f-91fe-074a666f6425} -  No File
Toolbar: HKLM - No Name - !{348bd83c-b2cd-4319-a605-c96bb458dd80} -  No File
Toolbar: HKLM - No Name - !{364ea597-e728-4ce4-bb4a-ed846ef47970} -  No File
Toolbar: HKLM - No Name - !{8f61e414-ea79-4559-8bb6-61d956f70306} -  No File
Toolbar: HKLM - No Name - !{acf7da4c-eeb2-484a-a3a1-303d4054d50c} -  No File
Toolbar: HKLM - No Name - !{C80BDEB2-8735-44C6-BD55-A1CCD555667A} -  No File
Toolbar: HKLM - No Name - !{cf67755f-9265-449c-87cf-b945519e073b} -  No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - No Name - !{07189b84-b33b-4a1e-9b32-ad203c983c20} -  No File
Toolbar: HKLM-x32 - No Name - !{0b84b4b4-8af8-4f1f-91fe-074a666f6425} -  No File
Toolbar: HKLM-x32 - No Name - !{348bd83c-b2cd-4319-a605-c96bb458dd80} -  No File
Toolbar: HKLM-x32 - No Name - !{364ea597-e728-4ce4-bb4a-ed846ef47970} -  No File
Toolbar: HKLM-x32 - No Name - !{8f61e414-ea79-4559-8bb6-61d956f70306} -  No File
Toolbar: HKLM-x32 - No Name - !{acf7da4c-eeb2-484a-a3a1-303d4054d50c} -  No File
Toolbar: HKLM-x32 - No Name - !{C80BDEB2-8735-44C6-BD55-A1CCD555667A} -  No File
Toolbar: HKLM-x32 - No Name - !{cf67755f-9265-449c-87cf-b945519e073b} -  No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
C:\ProgramData\McAfee Security Scan
C:\Program Files\McAfee Security Scan
C:\Program Files (x86)\ESET
cmd: netsh winsock reset
end
*****************

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}'=> Key not found.
'HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{07189b84-b33b-4a1e-9b32-ad203c983c20} => value deleted successfully.
'HKCR\CLSID\!{07189b84-b33b-4a1e-9b32-ad203c983c20}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{0b84b4b4-8af8-4f1f-91fe-074a666f6425} => value deleted successfully.
'HKCR\CLSID\!{0b84b4b4-8af8-4f1f-91fe-074a666f6425}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{348bd83c-b2cd-4319-a605-c96bb458dd80} => value deleted successfully.
'HKCR\CLSID\!{348bd83c-b2cd-4319-a605-c96bb458dd80}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{364ea597-e728-4ce4-bb4a-ed846ef47970} => value deleted successfully.
'HKCR\CLSID\!{364ea597-e728-4ce4-bb4a-ed846ef47970}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{8f61e414-ea79-4559-8bb6-61d956f70306} => value deleted successfully.
'HKCR\CLSID\!{8f61e414-ea79-4559-8bb6-61d956f70306}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{acf7da4c-eeb2-484a-a3a1-303d4054d50c} => value deleted successfully.
'HKCR\CLSID\!{acf7da4c-eeb2-484a-a3a1-303d4054d50c}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{C80BDEB2-8735-44C6-BD55-A1CCD555667A} => value deleted successfully.
'HKCR\CLSID\!{C80BDEB2-8735-44C6-BD55-A1CCD555667A}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{cf67755f-9265-449c-87cf-b945519e073b} => value deleted successfully.
'HKCR\CLSID\!{cf67755f-9265-449c-87cf-b945519e073b}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
'HKCR\CLSID\!{D4027C7F-154A-4066-A1AD-4243D8127440}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{07189b84-b33b-4a1e-9b32-ad203c983c20} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\!{07189b84-b33b-4a1e-9b32-ad203c983c20}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{0b84b4b4-8af8-4f1f-91fe-074a666f6425} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\!{0b84b4b4-8af8-4f1f-91fe-074a666f6425}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{348bd83c-b2cd-4319-a605-c96bb458dd80} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\!{348bd83c-b2cd-4319-a605-c96bb458dd80}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{364ea597-e728-4ce4-bb4a-ed846ef47970} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\!{364ea597-e728-4ce4-bb4a-ed846ef47970}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{8f61e414-ea79-4559-8bb6-61d956f70306} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\!{8f61e414-ea79-4559-8bb6-61d956f70306}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{acf7da4c-eeb2-484a-a3a1-303d4054d50c} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\!{acf7da4c-eeb2-484a-a3a1-303d4054d50c}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{C80BDEB2-8735-44C6-BD55-A1CCD555667A} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\!{C80BDEB2-8735-44C6-BD55-A1CCD555667A}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{cf67755f-9265-449c-87cf-b945519e073b} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\!{cf67755f-9265-449c-87cf-b945519e073b}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\!{D4027C7F-154A-4066-A1AD-4243D8127440}'=> Key not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin'=> Key not found.
C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll not found.
McComponentHostService => Service not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus" => File/Directory not found.
"C:\ProgramData\McAfee Security Scan" => File/Directory not found.
"C:\Program Files\McAfee Security Scan" => File/Directory not found.
"C:\Program Files (x86)\ESET" => File/Directory not found.

=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


==== End of Fixlog ====

 

On a side note, his firewall and virus protection is down and I keep getting error messages when I try to turn them on.  Action Center says there are 4 important problems:

1. click to see antispyware programs.

2. Turn on Trend Micro Titanium Internet security.

3. Change windows update settings.

4. Turn on windows firwall. 

 

None of each seem to let me resolve the issues.  For the firewall error it says "Windows Firewall can't change some of your settings. Error code: 0x80070424."  It also says windows defender isn't turned on and when I tried to it said it's not on my computer... Weird because it usually comes free on Windows 7.  Figured I'd mention just in case it's a related issue.

Link to post
Share on other sites

Hello,

 

As we are going to edit the registry to clean some pups related entries we must proceed with caution.

 

Backup Your Registry

 

 

Then please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Let me know if Yontoo is still visible in the Control Panel.

 

As for the Windows Firewall please do this:

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

Regards,

Georgi

Link to post
Share on other sites

Hey Georgi,

 

Ok I finally got around to getting it done so here's the fixlist:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014 01
Ran by Sample at 2014-06-11 11:17:02 Run:3
Running from C:\Users\Sample\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\yontoo-C4-1E50_RASAPI32" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\yontoo-C4-1E50_RASMANCS" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-1C10_RASAPI32" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-1C10_RASMANCS" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\YontooIEClient.DLL" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}" /f
end
*****************


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\yontoo-C4-1E50_RASAPI32" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\yontoo-C4-1E50_RASMANCS" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-1C10_RASAPI32" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-1C10_RASMANCS" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\YontooIEClient.DLL" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


==== End of Fixlog ====

 

Yipes....What's with all of the errors?  Anywho, Yontoo is gone yay!  Ok enough of my celebrating and back to work.  Here's the FSS log:

 

Farbar Service Scanner Version: 10-06-2014
Ran by Sample (administrator) on 11-06-2014 at 11:20:57
Running from "C:\Users\Sample\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

And here's the link to pastebin.com: http://pastebin.com/pUSHkqx1

Link to post
Share on other sites

Hello,

 

Yipes....What's with all of the errors? 

 

No need to worry. The errors mean that the entries are already deleted. Give me a fresh log from SystemLook to compare the results. :)
 

 

Anywho, Yontoo is gone yay!  Ok enough of my celebrating and back to work.  Here's the FSS log:

 

Good to know that! :)

 

Next let's try to fix the broken services.


Backup Your Registry

 


 

Now download the following files and save them to your desktop:

mpsdrv.reg

 

MpsSvc.reg

 

SharedAccess.reg

 

wuauserv.reg

 

BITS.reg

 

WinDefend.reg

 

RemoteAccess.reg

Now double click on each of them one by one. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

 

  • Next please download the ESET ServicesRepair utility and save it to your Desktop.
  • Double-click ServicesRepair.exe to run the ESET ServicesRepair utility.
  • If you are using User Access Control, click Run when prompted and then click Yes when asked to allow changes.
  • Reboot the computer and then please attach fresh log from the following tool Farbar Service Scanner.

 

 

Regards,

Georgi

Link to post
Share on other sites

Ok here's what seems to be the finale.  First the fresh SystemLook logs which im assuming the whole Yontoo thing right?  Here it is:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 14:30 on 11/06/2014 by Sample
Administrator - Elevation successful

========== folderfind ==========

Searching for "Yontoo"
C:\FRST\Quarantine\C\Program Files (x86)\Yontoo    d------    [13:27 14/02/2013]

========== regfind ==========

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
@="Yontoo Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
@="Yontoo"

-= EOF =-

 

 

Now the FSS scan:

 

Farbar Service Scanner Version: 10-06-2014
Ran by Sample (administrator) on 11-06-2014 at 14:06:33
Running from "C:\Users\Sample\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

Wasn't sure if that was what you're looking for regarding the SystemLook log but let me know if there was something else in particular that I was supposed to look up.  Thanks!

Link to post
Share on other sites

Hello,

 

I am truly sorry about the delay. I was out of town and my phone got broken by an accident so I was unable to sent you a PM.

 

Let's remove the final leftovers from Yontoo:

 

 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Please let me know if you have any remaining issues that need to be addressed:

 

Do you still have a notification related to "There was a problem starting C:\ProgramData\convures64.dll. The specified module could not be found."

 

Are you able to turn on Windows firewall now?

 

 

Regards,

Georgi

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.