mattyang Posted September 27, 2014 Share Posted September 27, 2014 (edited) Firstly resetted Firefox to default setting didn't work. On opening the browser, home page shown is www.istartsurf.com, different from what I had set. However, when I press on homepage it does bring me back to my original homepage. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2014Ran by Matt (administrator) on MATT-PC on 27-09-2014 22:01:06Running from C:\Users\Matt\DownloadsLoaded Profile: Matt (Available profiles: Matt)Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe() C:\Windows\System32\GFNEXSrv.exe(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Teruten) C:\Windows\System32\FsUsbExService.Exe(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgscanx.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe(HDPlus-01TotalV27.09) C:\Program Files\TotalPlus01-3.1V27.09\f7ed0e0a-16d8-4542-9ba7-870140e413fe.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe() C:\Program Files\AVG Web TuneUp\vprot.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Windows\System32\wuauclt.exe(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [] => [X]HKLM\...\Run: [TkBellExe] => C:\Program Files\real\realplayer\update\realsched.exe [296056 2011-12-16] (RealNetworks, Inc.)HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2680344 2014-09-04] ()HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]HKU\S-1-5-21-2988392325-1286642985-2377832700-1005\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-10-06] (Google Inc.)HKU\S-1-5-21-2988392325-1286642985-2377832700-1005\...\MountPoints2: {bb44bce0-7344-11e1-ae64-001fc6f8d958} - E:\AUTORun.exe autorunShellIconOverlayIdentifiers: ATFPUOverlayIcon -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll (TOSHIBA)BootExecute: autocheck autochk * sdnclean.exe==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX&q={searchTerms}StartMenuInternet: IEXPLORE.EXE - iexplore.exeSearchScopes: HKLM - {75703935-5E50-4089-AB69-54BE1131A1BF} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSASSearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=304SearchScopes: HKCU - {75703935-5E50-4089-AB69-54BE1131A1BF} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAS_enSG384SG384SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://sg.search.yahoo.com/search?p={searchTerms}BHO: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileDPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocxHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.1.254FireFox:========FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\p3dkmt60.default-1411826126322FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll No FileFF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)FF Plugin: @real.com/nppl3260;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprjplug;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpjplug;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No FileFF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/)FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xmlFF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-25]FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - C:\Program Files\TOSHIBA\TFPU\FirefoxAddinFF Extension: Automatic password input in Fx - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2010-04-13]FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-16]FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG Web TuneUp\FireFoxExt\3.1.0.8FF Extension: AVG Web TuneUp - C:\ProgramData\AVG Web TuneUp\FireFoxExt\3.1.0.8 [2014-08-28]FF StartMenuInternet: FIREFOX.EXE - firefox.exeChrome:=======CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX"CHR DefaultSearchKeyword: Default -> istartsurfCHR DefaultSearchProvider: Default -> istartsurfCHR CustomProfile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-15]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-23]CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2010-06-23]CHR Extension: (Skype Click to Call) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-30]CHR Extension: (Go away MDA - Bypass MDA blocked sites) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lledpflfnanamkogoclkgaggfdgoalok [2013-12-30]CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-16]CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx [2011-12-16]CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-08-13]CHR StartMenuInternet: Google Chrome - Chrome.exe========================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1811704 2009-10-24] (AuthenTec, Inc.)R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-10-28] (TOSHIBA CORPORATION)R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)R2 FsUsbExService; C:\windows\system32\FsUsbExService.Exe [233472 2009-07-15] (Teruten) [File not signed]S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [238328 2009-08-28] (WildTangent, Inc.)R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [132408 2009-10-23] ()R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-08-13] (Skype Technologies S.A.)S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-07] (TOSHIBA Corporation)R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-09-29] (TOSHIBA Corporation)S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-18] (TOSHIBA Corporation)S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [677232 2009-10-31] (TOSHIBA Corporation)R2 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)R2 vToolbarUpdater3.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-09-04] (AVG Secure Search)R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)U0 ataa; C:\windows\System32\drivers\upsiuoj.sys [52440 2014-09-27] (Malwarebytes Corporation)R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [42784 2014-09-04] (AVG Technologies)R3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36608 2009-07-15] () [File not signed]R2 NPF; C:\windows\System32\DRIVERS\aztech_npf32.sys [42000 2009-08-19] (CACE Technologies)R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)R2 risdpcie; C:\windows\System32\DRIVERS\risdpe86.sys [49152 2009-07-29] (REDC)R2 rixdpcie; C:\windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-05] (REDC)R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [456088 2014-07-23] (Check Point Software Technologies Ltd.)U2 TMAgent; No ImagePathU5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-05] () [File not signed]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-09-27 22:01 - 2014-09-27 22:01 - 00024888 _____ () C:\Users\Matt\Downloads\FRST.txt2014-09-27 22:00 - 2014-09-27 22:01 - 00000000 ____D () C:\FRST2014-09-27 22:00 - 2014-09-27 22:00 - 01100288 _____ (Farbar) C:\Users\Matt\Downloads\FRST.exe2014-09-27 21:55 - 2014-09-27 21:55 - 00000000 ____D () C:\Users\Matt\Desktop\Old Firefox Data2014-09-27 19:36 - 2014-09-27 19:36 - 00052440 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\upsiuoj.sys2014-09-27 19:35 - 2014-09-27 19:35 - 00131621 _____ () C:\Users\Matt\Desktop\malware scan 27 sep 14.txt2014-09-27 19:04 - 2014-09-27 19:04 - 00005042 _____ () C:\windows\PFRO.log2014-09-27 18:37 - 2014-09-27 19:15 - 00001336 _____ () C:\windows\Tasks\FWVJSTT.job2014-09-27 18:36 - 2014-09-27 19:15 - 00001332 _____ () C:\windows\Tasks\DJZBF.job2014-09-27 18:35 - 2014-09-27 19:36 - 00000000 ____D () C:\Program Files\TotalPlus01-3.1V27.092014-09-27 18:35 - 2014-09-27 19:36 - 00000000 ____D () C:\Program Files\globalUpdate2014-09-27 18:35 - 2014-09-27 18:35 - 00000000 ____D () C:\Users\Matt\AppData\Local\globalUpdate2014-09-27 18:34 - 2014-09-27 19:36 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect2014-09-27 18:34 - 2014-09-27 18:34 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\BandExtend2014-09-25 20:56 - 2014-09-27 19:15 - 00000560 _____ () C:\windows\setupact.log2014-09-25 20:56 - 2014-09-25 20:56 - 00000000 _____ () C:\windows\setuperr.log2014-09-25 19:15 - 2014-09-25 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox2014-09-24 18:42 - 2014-09-10 05:47 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll2014-09-18 06:43 - 2014-09-18 18:39 - 00000366 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Matt.job2014-09-18 06:43 - 2014-09-18 18:39 - 00000362 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Matt.job2014-09-13 08:45 - 2014-09-13 08:45 - 00001764 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-09-13 08:45 - 2014-09-13 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-09-13 08:44 - 2014-09-13 08:45 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-09-13 08:44 - 2014-09-13 08:45 - 00000000 ____D () C:\Program Files\iTunes2014-09-13 08:44 - 2014-09-13 08:44 - 00000000 ____D () C:\Program Files\iPod2014-09-12 18:32 - 2014-09-05 09:52 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-09-12 18:32 - 2014-09-05 09:47 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-09-11 21:45 - 2014-08-20 01:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2014-09-11 21:45 - 2014-08-19 06:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-09-11 21:45 - 2014-08-19 06:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-09-11 21:45 - 2014-08-19 05:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-09-11 21:45 - 2014-08-19 05:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2014-09-11 21:45 - 2014-08-19 05:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2014-09-11 21:45 - 2014-08-19 05:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2014-09-11 21:45 - 2014-08-19 05:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2014-09-11 21:45 - 2014-08-19 05:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2014-09-11 21:45 - 2014-08-19 05:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-09-11 21:45 - 2014-08-19 05:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-09-11 21:45 - 2014-08-19 05:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-09-11 21:45 - 2014-08-19 05:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2014-09-11 21:45 - 2014-08-19 05:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-09-11 21:45 - 2014-08-19 05:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2014-09-11 21:45 - 2014-08-19 05:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2014-09-11 21:45 - 2014-08-19 05:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2014-09-11 21:45 - 2014-08-19 05:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2014-09-11 21:45 - 2014-08-19 05:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2014-09-11 21:45 - 2014-08-19 05:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-09-11 21:45 - 2014-08-19 05:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-09-11 21:45 - 2014-08-19 05:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-09-11 21:45 - 2014-08-19 05:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-09-11 21:45 - 2014-08-19 05:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-09-11 21:45 - 2014-08-19 05:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-09-11 21:45 - 2014-08-19 05:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-09-11 21:45 - 2014-08-19 05:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2014-09-11 21:45 - 2014-08-19 04:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-09-11 21:45 - 2014-08-19 04:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-09-11 21:45 - 2014-08-19 04:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2014-09-11 21:44 - 2014-06-27 09:45 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll2014-09-11 18:45 - 2014-08-01 19:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll2014-09-11 18:45 - 2014-07-07 09:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll2014-09-11 18:45 - 2014-07-07 09:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll2014-09-11 18:45 - 2014-06-24 10:59 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll2014-09-01 16:18 - 2014-09-01 16:18 - 00002086 _____ () C:\Users\Matt\AppData\Roaming\FWVJSTT2014-09-01 16:18 - 2014-09-01 16:18 - 00001248 _____ () C:\Users\Matt\AppData\Roaming\DJZBF2014-08-31 19:43 - 2014-08-31 19:43 - 00004477 _____ () C:\windows\system32\jupdate-1.7.0_67-b01.log2014-08-31 19:43 - 2014-08-31 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-08-31 19:43 - 2014-08-31 19:43 - 00000000 ____D () C:\Program Files\Common Files\Java2014-08-31 19:43 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll2014-08-31 19:43 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\windows\system32\javaws.exe2014-08-31 19:43 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe2014-08-31 19:43 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\java.exe2014-08-31 19:41 - 2014-08-31 19:41 - 00918952 _____ (Oracle Corporation) C:\Users\Matt\Downloads\jxpiinstall.exe2014-08-28 18:58 - 2014-08-23 09:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll2014-08-28 18:58 - 2014-08-23 08:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-09-27 21:14 - 2012-04-29 09:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-09-27 21:13 - 2010-06-19 19:14 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-09-27 19:47 - 2014-04-18 20:47 - 00000000 ____D () C:\Users\Matt\Desktop\mbar2014-09-27 19:47 - 2014-04-18 20:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-09-27 19:36 - 2014-08-19 20:00 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-09-27 19:23 - 2009-07-14 12:34 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-09-27 19:23 - 2009-07-14 12:34 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-09-27 19:19 - 2013-06-01 13:51 - 01873193 _____ () C:\windows\WindowsUpdate.log2014-09-27 19:17 - 2014-08-19 20:00 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-09-27 19:17 - 2010-07-03 10:39 - 00000000 ____D () C:\Users\Matt\AppData\Local\CrashDumps2014-09-27 19:15 - 2010-06-19 19:14 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-09-27 19:15 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-09-27 18:38 - 2014-08-19 20:39 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 22014-09-27 18:33 - 2011-08-27 15:08 - 00001335 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2014-09-27 18:33 - 2011-08-27 15:08 - 00001323 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk2014-09-27 18:33 - 2010-06-23 21:31 - 00002517 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-09-27 18:33 - 2010-06-19 19:08 - 00001644 _____ () C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-09-27 18:11 - 2014-08-06 19:25 - 00000000 ____D () C:\ProgramData\MFAData2014-09-27 11:22 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\rescache2014-09-27 10:29 - 2012-05-05 17:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service2014-09-25 20:18 - 2009-12-24 15:02 - 00933686 _____ () C:\windows\system32\PerfStringBackup.INI2014-09-25 19:12 - 2013-11-02 12:39 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-09-25 19:12 - 2009-12-24 15:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe2014-09-24 20:14 - 2012-04-29 09:59 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe2014-09-24 20:14 - 2011-05-16 09:15 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl2014-09-24 18:59 - 2013-08-01 18:52 - 00000000 ____D () C:\Users\Matt\AppData\Local\CutePDF Writer2014-09-17 19:14 - 2010-12-01 16:39 - 00000000 ____D () C:\Users\Matt\Documents\PERSONAL2014-09-13 08:44 - 2010-09-19 09:58 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-09-12 23:11 - 2014-05-06 22:30 - 00000000 ___SD () C:\windows\system32\CompatTel2014-09-12 18:36 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\Microsoft.NET2014-09-11 21:45 - 2010-04-13 15:21 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-09-11 21:44 - 2013-08-14 09:17 - 00000000 ____D () C:\windows\system32\MRT2014-09-11 21:36 - 2010-06-20 11:10 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-09-07 20:09 - 2012-01-24 21:17 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\vlc2014-09-04 19:44 - 2014-08-06 19:28 - 00000000 ____D () C:\ProgramData\AVG20142014-09-04 19:43 - 2014-08-08 19:03 - 00042784 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys2014-09-04 19:43 - 2014-08-08 19:03 - 00000000 ____D () C:\Program Files\AVG Web TuneUp2014-09-03 19:20 - 2014-08-06 19:28 - 00000865 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-09-03 19:20 - 2014-08-06 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-08-31 19:44 - 2013-09-24 21:07 - 00000000 ____D () C:\ProgramData\Oracle2014-08-31 19:43 - 2009-12-24 14:58 - 00000000 ____D () C:\Program Files\Java2014-08-29 18:42 - 2009-07-14 12:33 - 00416896 _____ () C:\windows\system32\FNTCACHE.DAT2014-08-28 19:50 - 2014-08-08 19:03 - 00000000 _____ () C:\Program Files\Mozilla Firefoxwtu-secure-search.xml==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\windows\explorer.exe => File is digitally signedC:\windows\system32\winlogon.exe => File is digitally signedC:\windows\system32\wininit.exe => File is digitally signedC:\windows\system32\svchost.exe => File is digitally signedC:\windows\system32\services.exe => File is digitally signedC:\windows\system32\User32.dll => File is digitally signedC:\windows\system32\userinit.exe => File is digitally signedC:\windows\system32\rpcss.dll => File is digitally signedC:\windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-09-27 11:14==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2014Ran by Matt at 2014-09-27 22:01:52Running from C:\Users\Matt\DownloadsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) HiddenAdobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)AuthenTec Fingerprint Software (HKLM\...\{83F136F0-2AE5-420C-A0B6-A440AD42591C}) (Version: 8.5.4.46 - AuthenTec, Inc.)AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)AVG 2014 (Version: 14.0.4025 - AVG Technologies) HiddenAVG 2014 (Version: 14.0.4765 - AVG Technologies) HiddenAVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.1.0.8 - AVG Technologies)Bejeweled 2 Deluxe (Version: 2.2.0.82 - WildTangent) HiddenBing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)Bing Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)BlackVue (HKLM\...\BlackVue) (Version: - )Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.00(T) - TOSHIBA CORPORATION)Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) HiddenCanon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)Chinese Simplified Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-2447-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)Chuzzle Deluxe (Version: 2.2.0.82 - WildTangent) HiddenCutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)D3DX10 (Version: 15.4.2368.0902 - Microsoft) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.11 - DivX, LLC)DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)Dolby Control Center (HKLM\...\{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}) (Version: 2.2.1 - Dolby)DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)FATE (Version: 2.2.0.82 - WildTangent) HiddenFileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)Gmask 1.70 English (HKLM\...\Gmask 1.70 English) (Version: - )Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.24.15 - Google Inc.) HiddenHDMI Control Manager (HKLM\...\{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}) (Version: 2.0 - TOSHIBA CORPORATION)HomePlug AV Ethernet Adapter (HKLM\...\{2DFC446B-8A6E-4EF3-99DF-C89E37DB156D}) (Version: - )HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)HP Photosmart 5520 series Basic Device Software (HKLM\...\{E8ED5ADB-3EB5-4890-85F6-0FEA13A47EEE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Photosmart 5520 series Help (HKLM\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)HP Photosmart 5520 series Product Improvement Study (HKLM\...\{B58FBD4F-C69A-41C1-94AC-1A47AD946C91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) HiddenJunk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMagic Match - The Genie's Journey (Version: 2.2.0.82 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) HiddenMicrosoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)Microsoft redistributable runtime DLLs VS2005(x86) (HKLM\...\{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}) (Version: 1.0.0.0 - SAP)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) HiddenMicrosoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) HiddenMicrosoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) HiddenMicrosoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)Monopoly (Version: 2.2.0.82 - WildTangent) HiddenMovie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMozilla Firefox 32.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)MSVCRT (Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (Version: 16.4.1108.0727 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)Peggle (Version: 2.2.0.82 - WildTangent) HiddenPhoto Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) HiddenPlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)Polar Bowler (Version: 2.2.0.82 - WildTangent) HiddenPolar Golfer (Version: 2.2.0.82 - WildTangent) HiddenQuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM\...\RealPlayer 15.0) (Version: - RealNetworks)Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5923 - Realtek Semiconductor Corp.)Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) HiddenRICOH R5U230 Media Driver ver.2.07.03.02 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.07.03.02 - RICOH)Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)SDFormatter (HKLM\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) HiddenSkype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.2.10687 - Skype Technologies S.A.)Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)SopCast 3.8.3 (HKLM\...\SopCast) (Version: 3.8.3 - www.sopcast.com)Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)TFPU (Version: 1.0.0 - TOSHIBA) HiddenTOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)TOSHIBA Bulletin Board (HKLM\...\InstallShield_{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}) (Version: 1.5.05.32 - TOSHIBA Corporation)TOSHIBA Bulletin Board (Version: 1.5.05.32 - TOSHIBA Corporation) HiddenTOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.04-A - TOSHIBA Corporation)TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.12.0 - TOSHIBA Corporation)TOSHIBA eco Utility (Version: 1.1.12.0 - TOSHIBA Corporation) HiddenTOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) HiddenTOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)TOSHIBA Face Recognition (Version: 3.1.3.32 - TOSHIBA Corporation) HiddenTOSHIBA Fingerprint Utility (HKLM\...\TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.2.18 - TOSHIBA Corporation)TOSHIBA Hardware Setup (HKLM\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0005 - TOSHIBA)TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.3 - TOSHIBA Corporation)TOSHIBA HDD/SSD Alert (Version: 3.1.0.3 - TOSHIBA Corporation) HiddenTOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.0.0 - TOSHIBA Corporation)TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)TOSHIBA ReelTime (HKLM\...\InstallShield_{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}) (Version: 1.5.07.32 - TOSHIBA Corporation)TOSHIBA ReelTime (Version: 1.5.07.32 - TOSHIBA Corporation) HiddenTOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )TOSHIBA Supervisor Password (HKLM\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0002 - TOSHIBA)TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.32 - TOSHIBA Corporation)TOSHIBA Value Added Package (Version: 1.2.32 - TOSHIBA Corporation) HiddenTOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)TVUPlayer 2.5.3.1 (HKLM\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks)Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6 Edited September 27, 2014 by mattboy Link to post Share on other sites
Juliet Posted September 27, 2014 Share Posted September 27, 2014 OK C:\Program Files\Trend Micro\Internet Security AVG Which antivirus program are you using? We ask that only 1 be present on a computer at a time. ***************************************************** (Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ Yahoo! Search Protection The above 2 items need to be uninstalled. ******* Running from C:\Users\Matt\Downloads This wont work. To allow the fix to run and execute as it should Farbar (FRST) needs to be on desktop. Please go to your downloads folder. Find Right click on the icon and select CUT Next, go to an open spot on your desktop and select Paste. This should place Farbar's Recovery Scan Tool on your desktop. Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. save it to the Desktop as fixlist.txt NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. It It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow) start CloseProcesses: Folder:C:\ProgramData\WindowsMangerProtect HKLM\...\Run: [] => [X] HKU\S-1-5-21-2988392325-1286642985-2377832700-1005\...\MountPoints2: {bb44bce0-7344-11e1-ae64-001fc6f8d958} - E:\AUTORun.exe autorun HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX&q={searchTerms} Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX" CHR DefaultSearchKeyword: Default -> istartsurf CHR DefaultSearchProvider: Default -> istartsurf Task: {F013C274-C2D0-4405-9FAB-32E91EDD8E98} - System32\Tasks\FWVJSTT => C:\Users\Matt\AppData\Roaming\FWVJSTT.exe Task: {F8B704BD-EF59-4046-BCB7-A78A135C8B69} - System32\Tasks\DJZBF => C:\Users\Matt\AppData\Roaming\DJZBF.exe C:\Users\Matt\AppData\Roaming\DJZBF.exe C:\Users\Matt\AppData\Roaming\FWVJSTT.exe AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 Hosts: End NEST Open FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply. ************** Please download Junkware Removal Tool to your desktop. Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message. please post Fixlog.txt JRT.txt Tell me if you see any improvements. Link to post Share on other sites
mattyang Posted September 28, 2014 Author Share Posted September 28, 2014 Hi Juliet, in replying to the AV software, used to had Trend but have since stopped using as license expired. Currently having AVG Free Edition installed. Following is FARBAR Fixlog result: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2014Ran by Matt at 2014-09-28 09:33:47 Run:1Running from C:\Users\Matt\DesktopLoaded Profile: Matt (Available profiles: Matt)Boot Mode: Normal==============================================Content of fixlist:*****************startCloseProcesses:Folder:C:\ProgramData\WindowsMangerProtectHKLM\...\Run: [] => [X]HKU\S-1-5-21-2988392325-1286642985-2377832700-1005\...\MountPoints2: {bb44bce0-7344-11e1-ae64-001fc6f8d958} - E:\AUTORun.exe autorunHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileCHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX"CHR DefaultSearchKeyword: Default -> istartsurfCHR DefaultSearchProvider: Default -> istartsurfTask: {F013C274-C2D0-4405-9FAB-32E91EDD8E98} - System32\Tasks\FWVJSTT => C:\Users\Matt\AppData\Roaming\FWVJSTT.exeTask: {F8B704BD-EF59-4046-BCB7-A78A135C8B69} - System32\Tasks\DJZBF => C:\Users\Matt\AppData\Roaming\DJZBF.exeC:\Users\Matt\AppData\Roaming\DJZBF.exeC:\Users\Matt\AppData\Roaming\FWVJSTT.exeAlternateDataStreams: C:\ProgramData\TEMP:5C321E34Hosts:End*****************Processes closed successfully.========================= Folder:C:\ProgramData\WindowsMangerProtect ========================Directory Not FoundHKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully."HKU\S-1-5-21-2988392325-1286642985-2377832700-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb44bce0-7344-11e1-ae64-001fc6f8d958}" => Key deleted successfully."HKCR\CLSID\{bb44bce0-7344-11e1-ae64-001fc6f8d958}" => Key not found.HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully."HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.Chrome StartupUrls deleted successfully.Chrome DefaultSearchKeyword deleted successfully.CHR DefaultSearchProvider: Default -> istartsurf ==> The Chrome "Settings" can be used to fix the entry."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F013C274-C2D0-4405-9FAB-32E91EDD8E98}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F013C274-C2D0-4405-9FAB-32E91EDD8E98}" => Key deleted successfully.C:\Windows\System32\Tasks\FWVJSTT => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FWVJSTT" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8B704BD-EF59-4046-BCB7-A78A135C8B69}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8B704BD-EF59-4046-BCB7-A78A135C8B69}" => Key deleted successfully.C:\Windows\System32\Tasks\DJZBF => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DJZBF" => Key deleted successfully."C:\Users\Matt\AppData\Roaming\DJZBF.exe" => File/Directory not found."C:\Users\Matt\AppData\Roaming\FWVJSTT.exe" => File/Directory not found.C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.C:\Windows\System32\Drivers\etc\hosts => Moved successfully.Hosts was reset successfully.The system needed a reboot.==== End of Fixlog ==== Following is JRT Log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.2.3 (09.27.2014:1)OS: Windows 7 Home Premium x86Ran by Matt on Sun 28/09/2014 at 9:41:37.15~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS~~~ Files~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\apn"Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0103610F-18D0-4181-878E-376319A95ACC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{012A1B1F-363B-47AF-A2EF-346FE3FFF5EC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{01C57775-9A8C-4433-9A9D-1DA36F81639E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0211F482-C958-490F-9521-BB1F999296C6}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{02600436-FD8C-4B74-8E2F-ADAC857404FF}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0286B544-B8EF-4213-BDB5-E1CD30303CF1}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{02D3B025-BA4B-4FB4-9C0D-4D26AF19E571}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{034988B9-19E5-46C9-813B-F5D83A62F942}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0353CD39-4880-417A-B3BD-C05861464DA4}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0386384A-B8DF-457F-94F9-854434C08D11}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{03F8AEA8-62F2-46C6-BE52-E277EF17A207}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{041C0E69-1F5D-4D95-AAF0-A47ADF4F81E8}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{04B68668-3C54-49CF-B2D2-7C6919B392CD}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{05DEAC63-331C-44A3-BAE1-A0CA00B0EFC3}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{063CD621-2312-4EA4-9BC8-4CBA6219F658}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{06573032-603C-44D5-B2EC-2C64C70EE3FB}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0749E6AF-A27F-47CB-B522-EA85DCFBCCA2}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0807CECA-B188-4AD2-9799-67FC1C4C6EA4}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{09FC6167-9686-44A4-AEC7-4F5AB757E013}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0A1151FD-6831-4852-A7AB-83FE02ACB74D}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0A11D492-30F4-4CE2-B2EC-4CB6CDCF32BE}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0B4D9049-E4A2-4113-9C2D-65AE1C606DA9}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0C2E94F0-6F50-4580-89ED-AB52F101B06C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0C630F41-8BFB-46F7-A24D-F1E774C1E09D}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0CCEC521-2A98-4F37-BD1F-A124BD4E4E91}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0DE0FA98-5D21-44B1-8D56-39746997B4F3}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0E34B8C1-6FAE-4E86-821E-357E0E57B28E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0E4E9E43-8E66-44B2-AEEB-5D3F6BE0A921}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0F49AE7E-9564-4F2E-A84E-730629A65F21}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0F836A48-1647-474F-BE6E-347DF41A77AC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{10617C82-9D8A-4670-BD6E-C40FBEE1E08A}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{10B76DB5-9014-4CB7-B518-47995327F336}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{10BC4FB9-16D7-4F03-B754-2468335EAEF7}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{10F5C3E6-5721-424A-BD94-D8460DF9CD07}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{125B0BE8-6AC2-4EAD-90AF-88E2FA2A1D70}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{138902BC-114F-49D5-8B83-9A7E4ED0E6DC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{14CA637D-817B-4426-ACCC-CCB32E16973D}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{14EB1875-F077-4CAF-BCC2-261913557DA8}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{14EF3069-DD6D-4235-A33B-60AAB54CBAEE}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{187FF5C9-69A5-4D54-B859-40BC79270686}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{19E019FE-D209-4ACB-8BC0-4A10F5096FA2}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1A2424BC-3C26-4885-B6B5-FCD4EAD7489E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1A3B7000-58A7-4317-9562-1C8FE294289C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1A806100-E642-4653-8C6F-611F64F9744A}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1BC3F5CB-EE31-488B-8130-0F2D13DE5390}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1CDF5015-D7AB-45D1-9DC2-4474AC583844}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1E3025B0-64B6-4938-8547-35FE1913B8BD}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1EAC0F0D-4081-480F-80CA-B688E1F6CE02}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{20372DCC-472B-452D-95B6-37FC74AF31A9}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{21BD2FE9-AC07-4ED5-B27A-918578AFB2D8}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{22222D66-3AC2-477A-B7B0-C3334CB4509C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{22CEBDC4-1928-4035-B2BA-5AFC46244590}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{23081BF4-ECDA-4E05-A772-5CD618843BAB}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2318079A-2D5C-4D1D-8BD1-990F38B572A8}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{236681BB-94C9-4B0D-B101-5BA270C4B4F3}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{23A314F4-400E-4FEB-9B25-F52BD21325E9}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{244F250D-83C6-4C62-92F5-4A17BF58851F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{247EA3D8-087E-423B-8999-BBE598C079F0}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{24973656-36C6-43AC-AAAA-1A92EBA1428E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{25E9A4F4-B511-4222-9452-0D75DADCEEBD}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2622A8E2-CB67-4FAB-8BE0-59374C05CE3D}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{271A8479-FF0E-43FE-ADB2-119CD52743FE}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{29802EBF-1462-4B2C-ABFF-86B2D43F3429}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2AB640B0-3BC9-4CBD-8E30-3890E6CB7CB0}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2AEC3947-76F5-4944-A8F2-E21B5F014972}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2B01A73B-2681-4BEE-B7E8-BD9B387EEF0F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2B19FFCE-88AB-4015-84D9-0FA7D6235DFF}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2C269C91-73F6-46AA-864B-659BCDC6A149}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2C9AE38A-29EA-4525-BB44-6AD0B3F61E30}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2CB207EC-BB90-4380-8569-EAA69DFA9F5B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2CBB2F23-0807-450A-ADEA-D3DC1E56F9A4}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2D27E991-6E4A-45AF-9B1F-77BC9F9932F5}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2D2D8573-6196-48D6-983E-AE836FF84D2E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2D5B3D3A-877A-44D1-8F2F-654CF883B3DD}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2E0CE17E-2D7C-4E2E-8BAA-4F0DD4EB00C3}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2E477545-8508-474D-89E5-750A4206A351}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{307312E7-4547-4C70-A9F1-335D094F4852}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{31111668-8A3D-495B-B8D8-095976C833C0}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{31F3F775-165C-4F01-A785-DA5446C79619}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{356C255D-0F01-4C77-8E85-3CC95A68DD11}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{360147AF-2A13-4590-B146-4B01556BCF46}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{36791A2E-CE6F-42EF-BA68-0AB2A64B8979}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{36D0BEA8-731D-40B9-AB26-0CFF2DCEA39A}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{379BC36D-BC9D-4958-8682-E71EA121B622}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{38136471-21C3-4E3D-9485-9A6F7FF0AEDA}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{38C0F7D0-CCCD-4D98-8588-4734E67A2BAF}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{390C1E9F-1F8F-491D-8A96-48F4BD03DEF4}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{392FDDD6-B35B-44ED-B521-EEE037DECF8B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{399F56F7-F64B-46A7-B8DC-4327090AE1F7}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{39FE66BD-699E-444C-9D4A-69527FD3A1AC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3A3B38B9-B5F3-44FE-9D83-39352591B76D}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3A69DB40-FAE5-46FA-ACAD-A14E17D510E0}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3AADF8FA-3641-4CB5-82F6-25C06B28B7C4}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3AD331C2-21D0-4E52-9F70-231840B9E160}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3AE365F0-5F20-4D82-A2CE-BB8D273D80DA}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3C7F86D6-D0BF-4465-98E5-A74314CAE2D5}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3CC9D6CD-F0C1-4EDE-BEBA-8516A914203E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3CD5E5BD-8F71-4222-86BC-3753071D8CDF}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3D5CF262-7DB6-4B14-8FC9-8A208D6C3CE1}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3EB85CFF-1C7E-40F1-ACEC-10CBCCA24D4F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3EEA9E1F-C035-4D71-AE70-9CECB056F27D}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{40259F41-482B-48A7-A582-1FCCBBC142FA}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{40AE4146-4DD5-4EB2-9A8B-FAEDF6FF36F6}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{41D100D3-7CA7-4D55-9185-76A14ADF02B1}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4242F997-4892-4E17-A038-BCC1973E0C19}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{424ED7F0-0FA7-4B0F-B1AB-E83C5998BC1D}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{425A53BE-3A42-493A-9781-9520DC2C56CA}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{43927AF1-005D-4045-AE56-2F9F7F53FCBB}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{440C0208-4902-4273-8C35-0B111910A12D}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4475C490-2F3C-4DAF-A7B8-A37B41EA5F43}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{464E967C-A8B6-4C88-9B89-B45D711C6A3C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{471651FE-D4C6-4268-A4BA-F7D934568180}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{47F10EB1-B68E-4D11-AD56-6BB8A8ACD263}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{483F1513-7945-4001-8BD6-8AA17EED83B2}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{486614CE-AB56-448D-87CD-13B2757CC3AC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{488BFD99-6C40-4EDB-8245-A105FF3A9D0A}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{48B119D9-0D37-49F9-833C-69107DA72330}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{490FA37D-C9B8-4ABA-8123-E065CDCFCA03}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4A94AD6E-DAFD-4460-B429-289969663782}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4D363D01-B805-43F1-BA85-A5A97600C0A3}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4D48A3F6-6A42-4FDC-B6B6-B8C85B1F9D88}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4E249ED8-BA16-4E29-A282-789B882505A9}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4EFA3B26-100F-4416-80BC-940F434DA426}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4EFC01C1-E43E-4101-A2DC-512ED380329F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4F1B2E44-FEDF-408D-902C-9D85FBF67E5A}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4FBB3A7D-F1CC-4B5F-9C1C-7A56698A22AB}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4FEB6C52-283A-487C-8853-EC126C286ACC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{500AFC85-1230-4030-9756-03AE7D034308}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{50B2E073-EC03-4DB1-B7C7-4AB38D3F3B86}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{50D64316-669B-4DD4-AF75-632917C2A2E7}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{515831D2-B1A7-46ED-8AC6-106E112FDA19}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{51B66E84-6BE5-43FC-8133-A2D28958F31B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{52AA4CF7-3678-4501-9D5B-8329CF44BEC4}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{52B5B406-092D-4B85-9358-7EDBCEBDB9E1}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{52CAF52C-F1C9-473C-90D8-4B0B21CFF083}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{549A8E66-0F91-4C21-AFF4-AD8F051F676E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{557301D4-7918-456D-BE1E-45C684ECF16F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{567C91A3-9DFA-42B5-BF68-3FCCE78A2AA7}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{56C17D08-E6B8-4C78-A428-DD95FAE15606}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{579B36BA-1479-4570-977B-0CD083E421B2}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{58B12B4B-64BB-412A-BB8E-9B831F0A8651}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5940E984-BC8E-413B-BFEC-C07D45C1CA09}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5A3B8547-49B8-4EC2-A1FE-86452A7AA06F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5B75DF06-4DBE-44F5-B035-71A2F14CA3D1}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5C9AC161-2C68-4109-BC27-FD9B7BC56FDD}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5DCB1DF8-C4AC-4F98-9DF2-C7C16D8EA9FD}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5E1D5C6A-B481-40E2-8BE4-685C263FB64E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5F7E9DB0-A430-4964-B2BB-4A3F164DF05F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{61C7B10C-5B84-4BD0-80FD-6384564BF798}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{629969C3-7E42-4DFC-9A40-2DCB8789E72B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{62D5F046-273D-4E54-B786-653BABB33E43}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6518C7E8-168E-4F96-8982-A568DD39457D}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{653009BB-7D83-4F57-A914-C2B3AF7AEFC1}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{653EC3CA-ECFC-4721-8E60-9F834B8643A3}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{657C7415-56FB-449F-AF72-981145462EEB}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6586F64E-22CD-406C-8B75-A2FE1DE9DDE3}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6588DD89-5B62-48B3-BFA6-4AC9B0BDD27E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{65DEFBCE-A64A-41E6-9463-E3F3C7421DEB}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{66447088-208E-4F5B-A56E-97BEEC7B841C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{670CFE02-5C24-48D0-80E4-4BE9B60680C9}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6723435B-B588-4C53-9DFD-D410C281423B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{67FA7761-E0F6-4A63-8F30-88AC5FE9340A}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{683CE762-10E1-4EB9-9C38-0E49F102E090}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{68893195-579A-4346-B22D-CF52C2F66FE5}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{68C03189-2230-4DEC-96EA-5498263552C1}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6B3ACCD9-35BE-4A15-A602-6D030E77CB3E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6E7BFE0B-33BC-45BE-9BD7-F7DE287A54B3}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6EFED313-4C9A-4C68-A6F1-C32B7BA23AFE}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7033B61C-DB58-4336-B39C-6D3AA3C79355}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{707C3217-F59D-41C0-8E90-8DF440EACACB}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{70DB0360-A485-450D-AD80-8F4C69FDA65E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{71B6E7F2-48DA-463C-B06A-98A1BCE1C97A}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{73E7FEE3-EBB5-4735-B4B1-21280B97CFA9}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{740C2E62-B967-48F7-BAB4-88C3EFF1E2F2}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7451A416-F559-414E-B3E8-415179C1F2C7}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7657E90D-7804-46F4-AC0F-A5CA61A0926F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{76FEBCF8-9D22-4350-96AC-2453DC687FD8}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7777A4F2-3F42-444A-8CF4-F6A43A578E3F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{778F69F4-B820-4193-B8E4-DA1FCE468C7B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{77F2C13F-EE23-4189-9536-1D732C767F6E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{78128D1A-8947-4856-A6DB-ED8FA12A88BC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{78B7AE8E-C873-43EA-ABDA-89246F232832}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7918D525-0E05-4686-ABA6-308BD857DF85}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7DC2C866-24DC-444C-A0B7-5C1543A868F4}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7E4F091A-7E89-40C7-A289-6B708951B2E2}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7E6402C8-3850-4BAD-A0CC-37D9AE578A5E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7F4D41F2-C282-489A-9A4F-44B46C6A6233}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7F78D8E8-159F-4C0F-8249-9F99647F0393}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7FCC2419-514F-40F1-8CB7-5BD40CBEF1AA}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{801B7610-5A12-4D33-858D-25AF95821586}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8086E527-458F-44A1-86A3-6BB86D1047BD}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{80C37765-7563-48C2-9808-50255A780ADA}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{810DDA05-07C4-4EBE-BDA2-ED4724B595EB}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{817102AB-D4F2-485D-8D99-EE554F6283FC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{819AF3A7-B35C-415B-B856-667D2590E797}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{81ED2EE3-5FFB-4F2D-BAE7-A2C8A0869035}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{83CB8C17-6842-4BCD-95E0-7B4FF0526CB3}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{844D2849-A75F-48AF-94DB-FBECFE2DEC1A}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{85B2CE70-0BDC-4A49-9E70-B56D5B8AE329}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{86206B67-0636-4339-9276-416E7D8B29EC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{86FD3316-A550-4B75-B94B-0F2B51CF685D}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{87D8EAD7-8C8E-412E-ABB4-84FF8925C61F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{88932B39-1F4C-4B0B-8B98-2D6FED02FCEF}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{890FDD55-A69E-4F1A-889C-6215B0C4CEC7}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8A723D23-23CD-4BF9-A223-3A8840DE9760}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8A92D44B-ADE6-4D16-AB17-F4758E841FC6}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8AD838C0-251D-4A08-9EEA-926F2A0F5916}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8C027D7C-5933-41EE-9DED-7E459C6C957F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8CDEC0EA-1F89-4724-B45D-E93AEFFEAA15}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8D474A2F-7121-49D2-AD9D-F18FD789326C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8F71DFD8-F7DC-4A16-BAD2-20C9D822FC2B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8F8FA09D-5684-415D-ABC6-974FE7EDBAE3}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{90975B23-5E8D-48F4-9FB9-3EA288607F62}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{90D63E54-E4CC-47E4-9AB3-C35C7C048B4C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{90E33C16-3626-4E8C-9A80-EFB89A7AC19F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{91203673-4313-4958-BE27-F71931BA080E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{921E554F-A32B-4F41-8920-FB29680F197D}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{92A4D77F-3C2A-4AAB-912B-4EACD6DD37CE}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{92D4AA0C-D57C-4E21-A1B2-FFED6572A099}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{92EA99F0-A20B-4D81-A290-17E313774B30}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{94300C87-203A-4551-A184-97321A46A474}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{958BD507-E764-4B44-82C0-21480A2168E3}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{96193E11-6B80-4BC2-A8F6-8DC0FAF0B925}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{97B1C750-A2D4-4627-A21E-F8D0905D7832}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9813AA3E-8941-48EB-B4D8-E4CFA631AFF9}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{985777BB-52BC-47BD-997A-633B62FBABF0}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{98F824C2-BE54-4CB9-8CAB-61F381668055}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{99F671E0-A50C-4EC1-A122-B65016580F80}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9A11B7F9-9A0C-497F-952A-B04C144DA784}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9A21370C-3C18-4DE8-9D30-F41C44E56F06}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9A5D95DA-F455-42C6-B8BA-5F51E4FB5B9E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9B36CEEE-FA84-443C-9B63-BE44BFFA7EA8}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9BC89241-94C6-4676-8F2F-DE773D97CDC5}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9BFCF946-E2A0-46D1-821F-6F2E4BC663CF}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9CDAC1D0-AF99-4370-B2E7-DF3EE5830F31}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9DC8A1A9-1000-4F25-AD57-877247A388CF}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9E4A1DAB-DA60-4B36-8200-695DC4976FAF}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9E6EB1EB-92C1-4951-9E2A-EDFD61C6A8CC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9FF654AA-CA42-458A-82CA-7FF11C4939DC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A03CDDEF-53C9-4B96-A3C5-F32E7D7751DB}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A24F3A76-3613-4600-A1B2-845C2D2CABA0}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A3E1DAE5-08E4-4B53-8C3A-7890326C8BF5}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A48B31BD-994E-4BDD-808C-1C8E0888E84B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A4AFFD63-BC88-4CE3-937C-687F38A41815}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A5172AA5-B8A7-4768-8996-AC7857AE381C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A5C6E5FF-5041-49A8-A311-CCB46CDC939E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A5EF2315-FF0E-47BA-90DE-C27C9F3165F8}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A6FE5EAD-F504-4B86-A99D-0519511B02E0}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A7A3A624-98F9-418F-909D-FD71AB36B6E7}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A9998377-06CC-4464-B51D-E53EC4AC75EF}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A9E8A448-73F2-4F15-99D8-923EE676B132}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{AA3E59B6-577B-4A08-A2A4-873FA8E8A806}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{AB917FF5-A568-4240-A13B-AAF9ADE83659}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{AC41E1EF-EC21-4CC3-9E24-6758BEA46E25}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{AD1CBC96-66B3-4383-94F0-7A60C63A373E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{ADBC6635-6560-4E07-AB52-3FC0AF61CBD5}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B00A8355-1C7F-407E-AF5E-A1AF6DEBF162}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B0146E1E-57CC-4736-911E-CC90053507F6}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B187FA47-E66C-454A-BFE6-615E829A287F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B1FF0A44-87B3-4A75-85C6-7687191F0069}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B3AC75FF-EDC4-43CA-B8CF-5F413851D8DE}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B411893E-C22C-4B05-9B8A-12A8E4BAEFBF}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B95FDEEC-E6B3-4FD7-9586-853AF810AAFE}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B9FCDE01-4544-4E25-9D06-AA6E3A3DD9A4}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BA395823-B4C4-4C78-A341-71FA1738B475}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BA476625-BA35-46E3-80B1-BEE361BFD7DF}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BB0E3A32-EDCF-4DBB-A528-0DEBDEB8D42F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BB59D759-2BC4-476C-90D8-4A8464289C4D}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BBE84428-9864-4F85-A732-6BA6CE72C504}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BC1114FC-64AF-4B6B-BC25-0127EB959D64}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BC18AD11-4C17-4793-AE91-CB4278C8DA86}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BD0AB58E-EDF2-460F-8F21-2DE83EB33B53}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BD3FB0C6-C7D7-4856-958D-9E06CB75848B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BD9EAF22-CCB7-46E3-8E3F-CD6239154BAF}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BF1CF53F-25AB-4F16-BF5B-978AE3FE8682}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BFEEF296-57F2-4F63-94E0-9DF6DF0627CD}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C38A160C-D62F-4385-9088-8E88F416AEB5}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C56D49B1-7F1F-419D-A5FD-841EE4AE9479}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C5B62D6A-BD8A-4226-86FF-A69D1A67E0F5}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C63B0F83-6797-49F1-9EA2-A82ADBAF2DD4}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C9CE3C22-6CD0-4C80-945C-DA290CCB2F8C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C9E04760-9A30-4372-B4DE-882AA7B4EBFC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C9F3CDA2-7515-4878-BE51-0C5059F1055C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CA3D682E-949C-430E-B5A8-C82767F4213F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CB5002D9-C66E-458F-9DDB-65AD0EEE7239}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CB88BFEA-C5E3-4EE4-8BC6-3A0A587C2687}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CBC01C32-196B-4B66-BA0D-9188916A2D76}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CC6A382F-7450-49EC-BFC8-B61A01D6D5B0}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CC81C7DE-8C2E-4FD8-9A90-6757FB756E5C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CC94F686-FCF6-485E-9A94-3D2FCC7B7E25}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CEDC1C22-81E9-4AC5-92CE-A2F88665449C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CF51A888-81B7-4A99-A147-161DEC2C5E97}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D053AE15-F727-45AE-B2F9-26F0CC6738E5}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D0F7085D-CA45-4552-966F-E72BE2BBD684}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D11D182B-1402-4C10-916F-3D09D3143F1F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D21D91E8-5B98-48F4-B8C8-14BA0DA47BC1}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D2320452-AB2E-4D81-BD94-ED2CE3517B63}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D32F5634-F1CF-4FAF-90C7-CB320FA12962}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D44542D3-E863-4139-8138-24F1BD5743D1}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D48349FA-7851-4BAD-9593-E104969D361B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D50F76B9-210B-411B-8D68-A86F2FFE3CB6}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D616A1E1-5E5B-407A-889A-0CAC58ED2BE4}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D61F5DAD-45EF-428A-9A72-53B5337881F0}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D7350731-7EB1-4A4B-8E6A-E440E6C7A85B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D7CE3624-B9F4-4340-B54D-E549D190F461}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D92E2721-9BD1-461B-BEA6-698FEE17BCC6}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DA69AB5C-3731-4DF3-A61C-653D1F7DBFA4}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DA7D2B3E-019F-48FB-B888-8DC8ED16A939}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DACFBFD6-B892-496F-A459-D8CBB00E2FE6}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DAF591E1-EBE7-4E22-9A67-68E43BA60162}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DB731382-629E-46C2-8EF1-ABE274E9D887}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DC97135C-E41C-4D34-B426-F900E4C8C259}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DCF651DA-7F3F-497A-85F5-6DF8D3D954AC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DEE8CD07-D320-4428-AD43-39C8968B7592}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DEE976F8-CE82-44B3-B4CE-406BCEEB9484}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DF5F05EB-F8C9-4281-AF7D-EFF3838DFC64}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E0323266-88FD-49F1-AB0D-6D467FFF41EC}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E204F484-337D-4CFA-83C0-9CA2D65D7000}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E2D4617A-F44B-4C3B-905C-7DC412EABA4A}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E37E6910-FAD4-4AA5-9D0B-CC719AC42AEB}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E395AC9F-3233-4F90-8787-3E2158B35017}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E409BE76-211D-44EF-8BED-DD0D5250B04D}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E4E835C5-7979-4BDB-8ADD-98B03036269E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E6461715-4C00-4FEC-A882-E3F2F2D2127B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E64C2A66-63A9-4423-A5F2-152BE10D57A2}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E7238A81-0535-48E0-8A1C-F34A9DB19FA8}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E7C97F68-CA03-42C8-9BA3-D27CF2379BEF}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E8B644D8-3E2D-48A8-86D7-585772712F72}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E9346E80-19D0-498D-80A0-C5C1460F9F37}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EA52F72B-8C46-4732-BCBA-BC0F998CA0F0}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EB223433-5D22-494B-B2FA-F8141C2F694F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EB96398B-B85B-40D2-A3CF-592D0E85E164}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EBAE2A5F-2D20-4625-8AC9-BBF061519873}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EC347A49-F397-4185-B1A7-4A24564BEA5B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EC34A816-756E-4909-8478-242E430CFFD3}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EC38D02E-8D20-4788-A9C2-7B50A929BFF9}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{ECAE18A7-D48E-4CEB-967E-B8EB41A7DE2F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{ECDE1EE7-F125-40C4-BEC1-CEC4F85A2536}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EE808315-979D-48A0-9ACC-1583D93D445C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EE8C29E5-06A5-40B0-9B62-3405B3F535F4}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EF7A7812-56D6-4899-87C5-CE4E20C0CC74}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F05B0233-B810-435D-9039-3017CBBF0392}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F096B8E9-EBE1-4AD0-9FAB-FDF88457117C}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F196FB9C-A9B3-4801-B192-9AD9EC1C1F97}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F22EF3F8-915D-4E48-A47B-FEB003536CBB}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F2A9CD24-1FD0-4A29-B51D-C25531938AA3}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F2CDA0E2-9D4D-490B-B286-4FC9FF7BBF00}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F36368CD-A694-4C29-8E3F-FFC440E2A4D4}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F3822306-D32B-4086-A0C9-55365F81E793}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F41B8519-23CC-48E1-8C29-EF76EB9DC101}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F559E46B-CA49-4CBB-AE41-7DB05F43E1D5}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F5765B39-4978-4E09-B323-4AD8213197D7}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F5C97EC2-CE17-442F-A9E0-7D9EF3B9B7B6}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F62EFC90-CFFA-4994-8271-8A036F6C5E90}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F6493166-F398-4C0A-97B9-19B50C0150DB}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F85061CF-D321-4583-98B5-C09AF01D9231}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F8CF38BF-C61E-4F20-99A9-48C962B95702}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F9015FDB-C017-44BA-936E-A345D5F8D86F}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F94FE6E6-FD76-48B2-94AD-B89ECE3554E0}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F951EEB7-82B6-480D-B26E-DD296606D5AD}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F987822F-9731-47A0-ABB0-4189C70B43C1}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FA0A9782-2EDC-48C1-9C5F-A7A67B181003}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FA52D3B4-F3F3-41A9-B270-4901D1824B1B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FA5E45A8-68BE-4E59-8673-134FD3277D3E}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FAE70310-3E31-4040-ADEB-008E60957E06}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FD08C757-4563-446D-B52C-66B1D742D50B}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FE89D105-3980-4E5D-A741-D045306E8200}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FFB3B458-9B7E-4D93-BBD5-5CFB81A29B6A}Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FFE3ACCD-7608-4DD6-BB05-768E01E70E21}~~~ ChromeSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 28/09/2014 at 9:45:34.62End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites
mattyang Posted September 28, 2014 Author Share Posted September 28, 2014 Btw Juliet, I tried opening all three browsers, Firefox, IE and Chrome, noticed all three start homepage opens to the istartsurf page... Link to post Share on other sites
Juliet Posted September 28, 2014 Share Posted September 28, 2014 used to had Trend but have since stopped using as license expiredThen you need to remove it. scroll through the list of currently installed programs and uninstall any of these items listed below, if found. iStartSurf uninstaller, iStartSurf NewTab, Wsys Control WPM17.8.0.3159, Extended Protection, IePluginService, SupTab and any other recently installed unknown program from your computer. Open Internet Explorer, click on the gear icon in the upper right part of your browser, then click again on Internet Options. In the Internet Options dialog box, click on the Advanced tab, then click on the Reset button. In the Reset Internet Explorer settings section, select the Delete personal settings check box, then click on Reset button. When Internet Explorer has completed its task, click on the Close button in the confirmation dialogue box. You will now need to close your browser, Click on the Chrome menu buttonon the browser toolbar, select Tools, and then click on Extensions. In the Extensions tab, remove iStartSurf NewTab, Extended Protection 1.9, Lightning Newtab and any other unknown extensions by clicking the trash can. Basically, if you have not installed a Chrome extension, you should remove it from your web browser. NEXT Click the Chrome menu Chrome menu button, then select Settings and click on Manage search engines in the Search section. In the Search Engines dialog that appears, select Google and click the Make Default button that appears in the row. Search for iStartSurf in the Search Engines list, and click the X button that appears at the end of the row. Change Google Chrome homepage from iStartSurf.com to its default. iStartSurf has modified your Google settings to open their webpage whenever you start your browser, so we will need to revert this change. Click the Chrome menu Chrome menu button , then select Settings and click on One the New Tab page in the On Startup section. In Chrome you will need to reset your default search option manually. To do this: Click the Chrome menu on the browser toolbar Select Settings. In the Search section, click Manage search engines. Check if (Default) is displayed next to your preferred search engine (such as Google). If not, hover the mouse over it and click to make Google default. Hover the mouse over any other suspicious search engine entries istartsurf and any others that are not familiar and click X to remove them. Reboot ******************** Click on this link to download : ADWCleaner Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop. Do not click on any links in the top Advertisment. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click on Scan. After the scan is complete click on "Clean" Confirm each time with Ok. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile with your next answer. You can find the logfile at C:\AdwCleaner[s1].txt as well. NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it. ~~~~~~~~~~~~~~~~~~~~~~~~~ Download Malwarebytes' Anti-Malware to your desktop. Windows XP : Double click on the icon to run it. Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"On the Dashboard click on Update Now Go to the Setting Tab Under Setting go to Detection and Protection Under PUP and PUM make sure both are set to show Treat Dections as Malware Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked Then on the Dashboard click on Scan Make sure to select THREAT SCAN Then click on Scan When the scan is finished and the log pops up...select Copy to Clipboard Please paste the log back into this thread for review Exit Malwarebytes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Shortcut Cleaner http://www.bleepingcomputer.com/download/shortcut-cleaner/ Shortcut Cleaner is a utility that will scan your computer for Windows shortcuts that have been hijacked by unwanted or malicious software. When Shortcut Cleaner finds bad shortcuts, it will automatically clean them so that they do not open unwanted programs. Please post: C:\AdwCleaner.txt Malwarebytes log sc-cleaner.txt Link to post Share on other sites
mattyang Posted September 28, 2014 Author Share Posted September 28, 2014 (edited) Then you need to remove it. scroll through the list of currently installed programs and uninstall any of these items listed below, if found. iStartSurf uninstaller, iStartSurf NewTab, Wsys Control WPM17.8.0.3159, Extended Protection, IePluginService, SupTab and any other recently installed unknown program from your computer. Ok I can see how this is going to be a long drawn out process of cleaning up my notebook. So far I did uninstalled Trend from my notebook from the list of programs installed. Have gone through the list again but its not found there, am I missing a step somewhere? Also did a search for the mentioned programs to be uninstalled but did not find any. Browsers issued solved after running Adwcleaner. Result as follows: # AdwCleaner v3.310 - Report created 28/09/2014 at 12:26:14 # Updated 12/09/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits) # Username : Matt - MATT-PC # Running from : C:\Users\Matt\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\ProgramData\AVG Security Toolbar Folder Deleted : C:\Program Files\globalUpdate Folder Deleted : C:\Program Files\Common Files\AVG Secure Search Folder Deleted : C:\Users\Matt\AppData\Local\globalUpdate ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Shortcut Disinfected : C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Shortcut Disinfected : C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Shortcut Disinfected : C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Shortcut Disinfected : C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk Shortcut Disinfected : C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command Key Deleted : HKCU\Software\GlobalUpdate Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\vShare.tv Key Deleted : HKLM\SOFTWARE\GlobalUpdate Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v32.0.3 (x86 en-GB) [ File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\p3dkmt60.default-1411826126322\prefs.js ] -\\ Google Chrome v37.0.2062.124 [ File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://startsear.ch/?aff=1&q={searchTerms} Deleted [search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX&q={searchTerms} Deleted [startup_urls] : hxxp://www.istartsurf.com/?type=hp&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX ************************* AdwCleaner[R0].txt - [11034 octets] - [28/09/2014 12:13:17] AdwCleaner[s0].txt - [10050 octets] - [28/09/2014 12:26:14] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10111 octets] ########## Malwarebyte scan results: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 28/9/2014 Scan Time: 3:46:19 PM Logfile: malware scan.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.09.28.02 Rootkit Database: v2014.09.19.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Matt Scan Type: Threat Scan Result: Completed Objects Scanned: 300461 Time Elapsed: 13 min, 42 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) SC Cleaner scan result: Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Shortcut Cleaner can be found at this link: http://www.bleepingcomputer.com/download/shortcut-cleaner/ Windows Version: Windows 7 Home Premium Service Pack 1 Program started at: 09/28/2014 04:02:33 PM. Scanning for registry hijacks: * No issues found in the Registry. Searching for Hijacked Shortcuts: Searching C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\ Searching C:\ProgramData\Microsoft\Windows\Start Menu\ Searching C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ Searching C:\Users\Public\Desktop\ Searching C:\Users\Matt\Desktop 0 bad shortcuts found. Program finished at: 09/28/2014 04:02:37 PM Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s) Edited September 28, 2014 by mattboy Link to post Share on other sites
Juliet Posted September 28, 2014 Share Posted September 28, 2014 Browsers issued solved after running Adwcleaner. Result as follows: yeah! OK, this last scan should be the last one we have to do. What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner. Most reliable and thorough. The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find. This scanner can take quite a bit of time to run, depending of course how full your computer is. Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator Note:For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts. Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how. Click the blue Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications Click on Advanced Settings Make sure that the option Remove found threats is unticked. Ensure these options are tickedScan archives Scan for potentially unsafe applications Enable Anti-Stealth technology Click Start Wait for the scan to finish When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..." Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic. Close the ESET online scan. Link to post Share on other sites
mattyang Posted September 29, 2014 Author Share Posted September 29, 2014 Hi Juliet, result of ESET Online scan as follows: C:\$Recycle.Bin\S-1-5-21-2988392325-1286642985-2377832700-1005\$RZCNRZM\4s4eywhw.default\extensions\[email protected]\uninstall.exe Win32/Toolbar.Montiera.B potentially unwanted applicationC:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted applicationC:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted applicationC:\Program Files\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted applicationC:\Users\Matt\AppData\Roaming\DJZBF JS/Toolbar.Crossrider.C potentially unwanted applicationC:\Users\Matt\AppData\Roaming\FWVJSTT JS/Toolbar.Crossrider.C potentially unwanted applicationC:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe Win32/Toolbar.Montiera.B potentially unwanted applicationC:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe Win32/Toolbar.Montiera.B potentially unwanted applicationC:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe Win32/Toolbar.Montiera.E potentially unwanted applicationC:\Users\Matt\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Matt\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Matt\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Matt\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Matt\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Matt\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe applicationC:\Users\Matt\Downloads\zafwSetupWeb_133_052_000.exe Win32/Toolbar.Conduit potentially unwanted applicationC:\Windows\Installer\MSI2076.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\Windows\Installer\MSI2434.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application Link to post Share on other sites
Juliet Posted September 29, 2014 Share Posted September 29, 2014 Good deal Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. save it to the Desktop as fixlist.txt NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. It It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow) start CloseProcesses: C:\$Recycle.Bin\S-1-5-21-2988392325-1286642985-2377832700-1005\$RZCNRZM\4s4eywhw.default\extensions\[email protected]\uninstall.exe C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe C:\Program Files\CheckPoint\Install\CUninstallerZA.exe C:\Users\Matt\AppData\Roaming\DJZBF C:\Users\Matt\AppData\Roaming\FWVJSTT C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe C:\Users\Matt\Downloads\ccsetup413.exe C:\Users\Matt\Downloads\ccsetup414.exe C:\Users\Matt\Downloads\ccsetup415.exe C:\Users\Matt\Downloads\ccsetup416.exe C:\Users\Matt\Downloads\ccsetup417.exe C:\Users\Matt\Downloads\CuteWriter.exe C:\Users\Matt\Downloads\zafwSetupWeb_133_052_000.exe C:\Windows\Installer\MSI2076.tmp C:\Windows\Installer\MSI2434.tmp EmptyTemp: End Open FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply. ****************** Please run this security check. Download Security Check by screen317 from here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Post these 2 logs please How's your computer now? Link to post Share on other sites
mattyang Posted September 30, 2014 Author Share Posted September 30, 2014 (edited) Hi Juliet, please find the result of both scans: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2014Ran by Matt at 2014-09-30 18:56:53 Run:2Running from C:\Users\Matt\DesktopLoaded Profile: Matt (Available profiles: Matt)Boot Mode: Normal==============================================Content of fixlist:*****************startCloseProcesses:C:\$Recycle.Bin\S-1-5-21-2988392325-1286642985-2377832700-1005\$RZCNRZM\4s4eywhw.default\extensions\[email protected]\uninstall.exeC:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dllC:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exeC:\Program Files\CheckPoint\Install\CUninstallerZA.exeC:\Users\Matt\AppData\Roaming\DJZBFC:\Users\Matt\AppData\Roaming\FWVJSTTC:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exeC:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exeC:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exeC:\Users\Matt\Downloads\ccsetup413.exeC:\Users\Matt\Downloads\ccsetup414.exeC:\Users\Matt\Downloads\ccsetup415.exeC:\Users\Matt\Downloads\ccsetup416.exeC:\Users\Matt\Downloads\ccsetup417.exeC:\Users\Matt\Downloads\CuteWriter.exeC:\Users\Matt\Downloads\zafwSetupWeb_133_052_000.exeC:\Windows\Installer\MSI2076.tmpC:\Windows\Installer\MSI2434.tmpEmptyTemp:End*****************Processes closed successfully.C:\$Recycle.Bin\S-1-5-21-2988392325-1286642985-2377832700-1005\$RZCNRZM\4s4eywhw.default\extensions\[email protected]\uninstall.exe => Moved successfully.C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll => Moved successfully.C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe => Moved successfully.C:\Program Files\CheckPoint\Install\CUninstallerZA.exe => Moved successfully.C:\Users\Matt\AppData\Roaming\DJZBF => Moved successfully.C:\Users\Matt\AppData\Roaming\FWVJSTT => Moved successfully.C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe => Moved successfully.C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe => Moved successfully.C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe => Moved successfully.C:\Users\Matt\Downloads\ccsetup413.exe => Moved successfully.C:\Users\Matt\Downloads\ccsetup414.exe => Moved successfully.C:\Users\Matt\Downloads\ccsetup415.exe => Moved successfully.C:\Users\Matt\Downloads\ccsetup416.exe => Moved successfully.C:\Users\Matt\Downloads\ccsetup417.exe => Moved successfully.C:\Users\Matt\Downloads\CuteWriter.exe => Moved successfully.C:\Users\Matt\Downloads\zafwSetupWeb_133_052_000.exe => Moved successfully.C:\Windows\Installer\MSI2076.tmp => Moved successfully.C:\Windows\Installer\MSI2434.tmp => Moved successfully.EmptyTemp: => Removed 449.5 MB temporary data.The system needed a reboot. Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! AVG AntiVirus Free Edition 2014 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy AVG Web TuneUp CCleaner Java 7 Update 67 Adobe Flash Player 15.0.0.152 Adobe Reader XI Mozilla Firefox (32.0.3) Google Chrome 37.0.2062.120 Google Chrome 37.0.2062.124 ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! AVG avgwdsvc.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe CheckPoint ZoneAlarm vsmon.exe CheckPoint ZoneAlarm zatray.exe CheckPoint ZoneAlarm ZaPrivacyService.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1%````````````````````End of Log`````````````````````` So far everything looks ok but my main concern now is that since I am actually using free ware from AVG, would it mean my level of protection will be less "pro-active" in that sense? Edited September 30, 2014 by mattboy Link to post Share on other sites
Juliet Posted September 30, 2014 Share Posted September 30, 2014 Many people use AVG and feel very secure. Securing a computer is done in layered applications that handle different jobs in 'holding down the fort.' In this reply I'll give options in security programs that explain how and why. Let's remove tools and quarantine folders now since we're done here. Download Delfix from here Ensure Remove disinfection tools is ticked Also tick: Create registry backup Click Run Purge system restore Any other tools and files found can simply be deleted or uninstall via Add/Remove Programs in the Control Panel etc. ~~~~~~~~~~~~~~~~~~~~~~~~` Your good to go, good job! Please take the time to read over a few of my preventive tips. Computer Security http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Be prepared for CryptoLocker: Cryptolocker Ransomware: What You Need To Know CryptoLocker Ransomware Information Guide and FAQ to help protect your computer in the future I recommend that you get the following free programmes: CryptoPrevent install this programme to lock down and prevent crypto ransome ware ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows. Firefox 3 The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both. *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points. AdblockPlus AdblockPlus, Surf the web without annoying ads! Blocks banners, pop-ups and video ads - even on Facebook and YouTube Protects your online privacy Two-click installation, It's free! click the icon that corresponds to your browser and download. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE. Green should be good to go Yellow for caution Red to stop ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ How to prevent Malware: Created by Miekiemoes WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/ and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755 I would recommend that you completely uninstall Java unless you need it to run an important software. In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/)) Avoid P2P P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. Please read these short reports on the dangers of peer-2-peer programs and file sharing. FBI Cyber Education Letter USAToday infoworld ********************************************* Please read the following safe computing articles.. Secure My Computer: A Layered Approach Free Antivirus-AntiSpyware-Firewall SoftwareKeep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions. It is possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC Link to post Share on other sites
mattyang Posted October 1, 2014 Author Share Posted October 1, 2014 Thank you very much Juliet for your patience in guarding me through the process of cleaning up my notebook. Indeed you are a beacon of light to guide lost souls like me in this rapid changing tech world.... Link to post Share on other sites
caintry_boy Posted October 1, 2014 Share Posted October 1, 2014 Thank you very much Juliet for your patience in guarding me through the process of cleaning up my notebook. Indeed you are a beacon of light to guide lost souls like me in this rapid changing tech world.... Link to post Share on other sites
Juliet Posted October 1, 2014 Share Posted October 1, 2014 Thank you very much Juliet for your patience in guarding me through the process of cleaning up my notebook. Indeed you are a beacon of light to guide lost souls like me in this rapid changing tech world. lol we're glad to help. thank you Roger Link to post Share on other sites
Juliet Posted October 4, 2014 Share Posted October 4, 2014 Glad we could help. Since this issue appears resolved ... this Topic is closed. Link to post Share on other sites
Recommended Posts