Jump to content
☆!Click here for PC Matic product support!☆ ×

Change Mode

FARBAR SCAN RESULT

mattyang

By mattyang,
in Solved Malware Logs

 Share Followers 0

Recommended Posts

mattyang

mattyang

Posted
Posted (edited)

Firstly resetted Firefox to default setting didn't work. On opening the browser, home page shown is www.istartsurf.com, different from what I had set. However, when I press on homepage it does bring me back to my original homepage.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2014
Ran by Matt (administrator) on MATT-PC on 27-09-2014 22:01:06
Running from C:\Users\Matt\Downloads
Loaded Profile: Matt (Available profiles: Matt)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
() C:\Windows\System32\GFNEXSrv.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgscanx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(HDPlus-01TotalV27.09) C:\Program Files\TotalPlus01-3.1V27.09\f7ed0e0a-16d8-4542-9ba7-870140e413fe.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program Files\real\realplayer\update\realsched.exe [296056 2011-12-16] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2680344 2014-09-04] ()
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2988392325-1286642985-2377832700-1005\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-10-06] (Google Inc.)
HKU\S-1-5-21-2988392325-1286642985-2377832700-1005\...\MountPoints2: {bb44bce0-7344-11e1-ae64-001fc6f8d958} - E:\AUTORun.exe autorun
ShellIconOverlayIdentifiers: ATFPUOverlayIcon -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll (TOSHIBA)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {75703935-5E50-4089-AB69-54BE1131A1BF} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=304
SearchScopes: HKCU - {75703935-5E50-4089-AB69-54BE1131A1BF} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAS_enSG384SG384
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://sg.search.yahoo.com/search?p={searchTerms}
BHO: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\p3dkmt60.default-1411826126322
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin: @real.com/nppl3260;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-25]
FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin
FF Extension: Automatic password input in Fx - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2010-04-13]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-16]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG Web TuneUp\FireFoxExt\3.1.0.8
FF Extension: AVG Web TuneUp - C:\ProgramData\AVG Web TuneUp\FireFoxExt\3.1.0.8 [2014-08-28]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX"
CHR DefaultSearchKeyword: Default -> istartsurf
CHR DefaultSearchProvider: Default -> istartsurf
CHR CustomProfile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-23]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2010-06-23]
CHR Extension: (Skype Click to Call) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-30]
CHR Extension: (Go away MDA - Bypass MDA blocked sites) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lledpflfnanamkogoclkgaggfdgoalok [2013-12-30]
CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-16]
CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx [2011-12-16]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-08-13]
CHR StartMenuInternet: Google Chrome - Chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1811704 2009-10-24] (AuthenTec, Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-10-28] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
R2 FsUsbExService; C:\windows\system32\FsUsbExService.Exe [233472 2009-07-15] (Teruten) [File not signed]
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [238328 2009-08-28] (WildTangent, Inc.)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [132408 2009-10-23] ()
R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-08-13] (Skype Technologies S.A.)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-07] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-09-29] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-18] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [677232 2009-10-31] (TOSHIBA Corporation)
R2 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
R2 vToolbarUpdater3.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-09-04] (AVG Secure Search)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U0 ataa; C:\windows\System32\drivers\upsiuoj.sys [52440 2014-09-27] (Malwarebytes Corporation)
R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [42784 2014-09-04] (AVG Technologies)
R3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36608 2009-07-15] () [File not signed]
R2 NPF; C:\windows\System32\DRIVERS\aztech_npf32.sys [42000 2009-08-19] (CACE Technologies)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R2 risdpcie; C:\windows\System32\DRIVERS\risdpe86.sys [49152 2009-07-29] (REDC)
R2 rixdpcie; C:\windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-05] (REDC)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [456088 2014-07-23] (Check Point Software Technologies Ltd.)
U2 TMAgent; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-05] () [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 22:01 - 2014-09-27 22:01 - 00024888 _____ () C:\Users\Matt\Downloads\FRST.txt
2014-09-27 22:00 - 2014-09-27 22:01 - 00000000 ____D () C:\FRST
2014-09-27 22:00 - 2014-09-27 22:00 - 01100288 _____ (Farbar) C:\Users\Matt\Downloads\FRST.exe
2014-09-27 21:55 - 2014-09-27 21:55 - 00000000 ____D () C:\Users\Matt\Desktop\Old Firefox Data
2014-09-27 19:36 - 2014-09-27 19:36 - 00052440 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\upsiuoj.sys
2014-09-27 19:35 - 2014-09-27 19:35 - 00131621 _____ () C:\Users\Matt\Desktop\malware scan 27 sep 14.txt
2014-09-27 19:04 - 2014-09-27 19:04 - 00005042 _____ () C:\windows\PFRO.log
2014-09-27 18:37 - 2014-09-27 19:15 - 00001336 _____ () C:\windows\Tasks\FWVJSTT.job
2014-09-27 18:36 - 2014-09-27 19:15 - 00001332 _____ () C:\windows\Tasks\DJZBF.job
2014-09-27 18:35 - 2014-09-27 19:36 - 00000000 ____D () C:\Program Files\TotalPlus01-3.1V27.09
2014-09-27 18:35 - 2014-09-27 19:36 - 00000000 ____D () C:\Program Files\globalUpdate
2014-09-27 18:35 - 2014-09-27 18:35 - 00000000 ____D () C:\Users\Matt\AppData\Local\globalUpdate
2014-09-27 18:34 - 2014-09-27 19:36 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-27 18:34 - 2014-09-27 18:34 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\BandExtend
2014-09-25 20:56 - 2014-09-27 19:15 - 00000560 _____ () C:\windows\setupact.log
2014-09-25 20:56 - 2014-09-25 20:56 - 00000000 _____ () C:\windows\setuperr.log
2014-09-25 19:15 - 2014-09-25 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 18:42 - 2014-09-10 05:47 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-18 06:43 - 2014-09-18 18:39 - 00000366 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Matt.job
2014-09-18 06:43 - 2014-09-18 18:39 - 00000362 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Matt.job
2014-09-13 08:45 - 2014-09-13 08:45 - 00001764 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-13 08:45 - 2014-09-13 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-13 08:44 - 2014-09-13 08:45 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-13 08:44 - 2014-09-13 08:45 - 00000000 ____D () C:\Program Files\iTunes
2014-09-13 08:44 - 2014-09-13 08:44 - 00000000 ____D () C:\Program Files\iPod
2014-09-12 18:32 - 2014-09-05 09:52 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-12 18:32 - 2014-09-05 09:47 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-11 21:45 - 2014-08-20 01:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-11 21:45 - 2014-08-19 06:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-11 21:45 - 2014-08-19 06:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-11 21:45 - 2014-08-19 05:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-11 21:45 - 2014-08-19 05:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-11 21:45 - 2014-08-19 05:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-11 21:45 - 2014-08-19 05:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-11 21:45 - 2014-08-19 05:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-11 21:45 - 2014-08-19 05:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-11 21:45 - 2014-08-19 05:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-11 21:45 - 2014-08-19 05:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-11 21:45 - 2014-08-19 05:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-11 21:45 - 2014-08-19 05:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-11 21:45 - 2014-08-19 05:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-11 21:45 - 2014-08-19 05:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-11 21:45 - 2014-08-19 05:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-11 21:45 - 2014-08-19 05:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-11 21:45 - 2014-08-19 05:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-11 21:45 - 2014-08-19 05:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 21:45 - 2014-08-19 05:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-11 21:45 - 2014-08-19 05:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-11 21:45 - 2014-08-19 05:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-11 21:45 - 2014-08-19 05:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-11 21:45 - 2014-08-19 05:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-11 21:45 - 2014-08-19 05:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-11 21:45 - 2014-08-19 05:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-11 21:45 - 2014-08-19 05:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-11 21:45 - 2014-08-19 04:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-11 21:45 - 2014-08-19 04:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-11 21:45 - 2014-08-19 04:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-11 21:44 - 2014-06-27 09:45 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-11 18:45 - 2014-08-01 19:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-11 18:45 - 2014-07-07 09:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-11 18:45 - 2014-07-07 09:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-11 18:45 - 2014-06-24 10:59 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-01 16:18 - 2014-09-01 16:18 - 00002086 _____ () C:\Users\Matt\AppData\Roaming\FWVJSTT
2014-09-01 16:18 - 2014-09-01 16:18 - 00001248 _____ () C:\Users\Matt\AppData\Roaming\DJZBF
2014-08-31 19:43 - 2014-08-31 19:43 - 00004477 _____ () C:\windows\system32\jupdate-1.7.0_67-b01.log
2014-08-31 19:43 - 2014-08-31 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-31 19:43 - 2014-08-31 19:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-31 19:43 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-08-31 19:43 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-08-31 19:43 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-08-31 19:43 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-08-31 19:41 - 2014-08-31 19:41 - 00918952 _____ (Oracle Corporation) C:\Users\Matt\Downloads\jxpiinstall.exe
2014-08-28 18:58 - 2014-08-23 09:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 18:58 - 2014-08-23 08:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 21:14 - 2012-04-29 09:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-27 21:13 - 2010-06-19 19:14 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-27 19:47 - 2014-04-18 20:47 - 00000000 ____D () C:\Users\Matt\Desktop\mbar
2014-09-27 19:47 - 2014-04-18 20:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-27 19:36 - 2014-08-19 20:00 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-27 19:23 - 2009-07-14 12:34 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-27 19:23 - 2009-07-14 12:34 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-27 19:19 - 2013-06-01 13:51 - 01873193 _____ () C:\windows\WindowsUpdate.log
2014-09-27 19:17 - 2014-08-19 20:00 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-27 19:17 - 2010-07-03 10:39 - 00000000 ____D () C:\Users\Matt\AppData\Local\CrashDumps
2014-09-27 19:15 - 2010-06-19 19:14 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-27 19:15 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-27 18:38 - 2014-08-19 20:39 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-27 18:33 - 2011-08-27 15:08 - 00001335 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-27 18:33 - 2011-08-27 15:08 - 00001323 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-27 18:33 - 2010-06-23 21:31 - 00002517 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-27 18:33 - 2010-06-19 19:08 - 00001644 _____ () C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-27 18:11 - 2014-08-06 19:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-27 11:22 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\rescache
2014-09-27 10:29 - 2012-05-05 17:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 20:18 - 2009-12-24 15:02 - 00933686 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-25 19:12 - 2013-11-02 12:39 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-25 19:12 - 2009-12-24 15:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-24 20:14 - 2012-04-29 09:59 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-09-24 20:14 - 2011-05-16 09:15 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 18:59 - 2013-08-01 18:52 - 00000000 ____D () C:\Users\Matt\AppData\Local\CutePDF Writer
2014-09-17 19:14 - 2010-12-01 16:39 - 00000000 ____D () C:\Users\Matt\Documents\PERSONAL
2014-09-13 08:44 - 2010-09-19 09:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-12 23:11 - 2014-05-06 22:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-12 18:36 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-09-11 21:45 - 2010-04-13 15:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 21:44 - 2013-08-14 09:17 - 00000000 ____D () C:\windows\system32\MRT
2014-09-11 21:36 - 2010-06-20 11:10 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-07 20:09 - 2012-01-24 21:17 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\vlc
2014-09-04 19:44 - 2014-08-06 19:28 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-04 19:43 - 2014-08-08 19:03 - 00042784 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2014-09-04 19:43 - 2014-08-08 19:03 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2014-09-03 19:20 - 2014-08-06 19:28 - 00000865 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-03 19:20 - 2014-08-06 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-31 19:44 - 2013-09-24 21:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-31 19:43 - 2009-12-24 14:58 - 00000000 ____D () C:\Program Files\Java
2014-08-29 18:42 - 2009-07-14 12:33 - 00416896 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-28 19:50 - 2014-08-08 19:03 - 00000000 _____ () C:\Program Files\Mozilla Firefoxwtu-secure-search.xml

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-27 11:14

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2014
Ran by Matt at 2014-09-27 22:01:52
Running from C:\Users\Matt\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Software (HKLM\...\{83F136F0-2AE5-420C-A0B6-A440AD42591C}) (Version: 8.5.4.46 - AuthenTec, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4025 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.1.0.8 - AVG Technologies)
Bejeweled 2 Deluxe (Version: 2.2.0.82 - WildTangent) Hidden
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
BlackVue (HKLM\...\BlackVue) (Version: - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.00(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Chinese Simplified Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-2447-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Chuzzle Deluxe (Version: 2.2.0.82 - WildTangent) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.11 - DivX, LLC)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
Dolby Control Center (HKLM\...\{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}) (Version: 2.2.1 - Dolby)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
FATE (Version: 2.2.0.82 - WildTangent) Hidden
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Gmask 1.70 English (HKLM\...\Gmask 1.70 English) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDMI Control Manager (HKLM\...\{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}) (Version: 2.0 - TOSHIBA CORPORATION)
HomePlug AV Ethernet Adapter (HKLM\...\{2DFC446B-8A6E-4EF3-99DF-C89E37DB156D}) (Version: - )
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{E8ED5ADB-3EB5-4890-85F6-0FEA13A47EEE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{B58FBD4F-C69A-41C1-94AC-1A47AD946C91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Magic Match - The Genie's Journey (Version: 2.2.0.82 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005(x86) (HKLM\...\{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}) (Version: 1.0.0.0 - SAP)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Monopoly (Version: 2.2.0.82 - WildTangent) Hidden
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Peggle (Version: 2.2.0.82 - WildTangent) Hidden
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (Version: 2.2.0.82 - WildTangent) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: - RealNetworks)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5923 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RICOH R5U230 Media Driver ver.2.07.03.02 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.07.03.02 - RICOH)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SDFormatter (HKLM\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.2.10687 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SopCast 3.8.3 (HKLM\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TFPU (Version: 1.0.0 - TOSHIBA) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM\...\InstallShield_{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}) (Version: 1.5.05.32 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.5.05.32 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.12.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.1.12.0 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.32 - TOSHIBA Corporation) Hidden
TOSHIBA Fingerprint Utility (HKLM\...\TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.2.18 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0005 - TOSHIBA)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.3 - TOSHIBA Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.0.0 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM\...\InstallShield_{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}) (Version: 1.5.07.32 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.5.07.32 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0002 - TOSHIBA)
TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.32 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.32 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
TVUPlayer 2.5.3.1 (HKLM\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6

Edited by mattboy
Link to post
Share on other sites
Juliet

Juliet

Posted
Posted

OK

 

C:\Program Files\Trend Micro\Internet Security

AVG

 

Which antivirus program are you using? We ask that only 1 be present on a computer at a time.

 

*****************************************************

(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\

Yahoo! Search Protection

The above 2 items need to be uninstalled.

 

*******

 

Running from C:\Users\Matt\Downloads

This wont work. To allow the fix to run and execute as it should Farbar (FRST) needs to be on desktop.

 

Please go to your downloads folder. Find FRSTicon.jpg

Right click on the icon and select CUT

Next, go to an open spot on your desktop and select Paste. This should place Farbar's Recovery Scan Tool on your desktop.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

start

CloseProcesses:

Folder:C:\ProgramData\WindowsMangerProtect

HKLM\...\Run: [] => [X]

HKU\S-1-5-21-2988392325-1286642985-2377832700-1005\...\MountPoints2: {bb44bce0-7344-11e1-ae64-001fc6f8d958} - E:\AUTORun.exe autorun

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX&q={searchTerms}

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX"

CHR DefaultSearchKeyword: Default -> istartsurf

CHR DefaultSearchProvider: Default -> istartsurf

Task: {F013C274-C2D0-4405-9FAB-32E91EDD8E98} - System32\Tasks\FWVJSTT => C:\Users\Matt\AppData\Roaming\FWVJSTT.exe

Task: {F8B704BD-EF59-4046-BCB7-A78A135C8B69} - System32\Tasks\DJZBF => C:\Users\Matt\AppData\Roaming\DJZBF.exe

C:\Users\Matt\AppData\Roaming\DJZBF.exe

C:\Users\Matt\AppData\Roaming\FWVJSTT.exe

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

Hosts:

End

NEST

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

**************

 

thisisujrt.gif

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
please post

Fixlog.txt

JRT.txt

 

Tell me if you see any improvements.

Link to post
Share on other sites
mattyang

mattyang

Posted
  • Author
Posted

Hi Juliet, in replying to the AV software, used to had Trend but have since stopped using as license expired. Currently having AVG Free Edition installed.

 

Following is FARBAR Fixlog result:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2014
Ran by Matt at 2014-09-28 09:33:47 Run:1
Running from C:\Users\Matt\Desktop
Loaded Profile: Matt (Available profiles: Matt)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Folder:C:\ProgramData\WindowsMangerProtect
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2988392325-1286642985-2377832700-1005\...\MountPoints2: {bb44bce0-7344-11e1-ae64-001fc6f8d958} - E:\AUTORun.exe autorun
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX"
CHR DefaultSearchKeyword: Default -> istartsurf
CHR DefaultSearchProvider: Default -> istartsurf
Task: {F013C274-C2D0-4405-9FAB-32E91EDD8E98} - System32\Tasks\FWVJSTT => C:\Users\Matt\AppData\Roaming\FWVJSTT.exe
Task: {F8B704BD-EF59-4046-BCB7-A78A135C8B69} - System32\Tasks\DJZBF => C:\Users\Matt\AppData\Roaming\DJZBF.exe
C:\Users\Matt\AppData\Roaming\DJZBF.exe
C:\Users\Matt\AppData\Roaming\FWVJSTT.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
Hosts:
End
*****************

Processes closed successfully.

========================= Folder:C:\ProgramData\WindowsMangerProtect ========================

Directory Not Found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-2988392325-1286642985-2377832700-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb44bce0-7344-11e1-ae64-001fc6f8d958}" => Key deleted successfully.
"HKCR\CLSID\{bb44bce0-7344-11e1-ae64-001fc6f8d958}" => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> istartsurf ==> The Chrome "Settings" can be used to fix the entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F013C274-C2D0-4405-9FAB-32E91EDD8E98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F013C274-C2D0-4405-9FAB-32E91EDD8E98}" => Key deleted successfully.
C:\Windows\System32\Tasks\FWVJSTT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FWVJSTT" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8B704BD-EF59-4046-BCB7-A78A135C8B69}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8B704BD-EF59-4046-BCB7-A78A135C8B69}" => Key deleted successfully.
C:\Windows\System32\Tasks\DJZBF => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DJZBF" => Key deleted successfully.
"C:\Users\Matt\AppData\Roaming\DJZBF.exe" => File/Directory not found.
"C:\Users\Matt\AppData\Roaming\FWVJSTT.exe" => File/Directory not found.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====

 

Following is JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 7 Home Premium x86
Ran by Matt on Sun 28/09/2014 at 9:41:37.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0103610F-18D0-4181-878E-376319A95ACC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{012A1B1F-363B-47AF-A2EF-346FE3FFF5EC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{01C57775-9A8C-4433-9A9D-1DA36F81639E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0211F482-C958-490F-9521-BB1F999296C6}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{02600436-FD8C-4B74-8E2F-ADAC857404FF}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0286B544-B8EF-4213-BDB5-E1CD30303CF1}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{02D3B025-BA4B-4FB4-9C0D-4D26AF19E571}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{034988B9-19E5-46C9-813B-F5D83A62F942}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0353CD39-4880-417A-B3BD-C05861464DA4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0386384A-B8DF-457F-94F9-854434C08D11}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{03F8AEA8-62F2-46C6-BE52-E277EF17A207}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{041C0E69-1F5D-4D95-AAF0-A47ADF4F81E8}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{04B68668-3C54-49CF-B2D2-7C6919B392CD}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{05DEAC63-331C-44A3-BAE1-A0CA00B0EFC3}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{063CD621-2312-4EA4-9BC8-4CBA6219F658}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{06573032-603C-44D5-B2EC-2C64C70EE3FB}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0749E6AF-A27F-47CB-B522-EA85DCFBCCA2}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0807CECA-B188-4AD2-9799-67FC1C4C6EA4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{09FC6167-9686-44A4-AEC7-4F5AB757E013}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0A1151FD-6831-4852-A7AB-83FE02ACB74D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0A11D492-30F4-4CE2-B2EC-4CB6CDCF32BE}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0B4D9049-E4A2-4113-9C2D-65AE1C606DA9}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0C2E94F0-6F50-4580-89ED-AB52F101B06C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0C630F41-8BFB-46F7-A24D-F1E774C1E09D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0CCEC521-2A98-4F37-BD1F-A124BD4E4E91}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0DE0FA98-5D21-44B1-8D56-39746997B4F3}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0E34B8C1-6FAE-4E86-821E-357E0E57B28E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0E4E9E43-8E66-44B2-AEEB-5D3F6BE0A921}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0F49AE7E-9564-4F2E-A84E-730629A65F21}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{0F836A48-1647-474F-BE6E-347DF41A77AC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{10617C82-9D8A-4670-BD6E-C40FBEE1E08A}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{10B76DB5-9014-4CB7-B518-47995327F336}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{10BC4FB9-16D7-4F03-B754-2468335EAEF7}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{10F5C3E6-5721-424A-BD94-D8460DF9CD07}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{125B0BE8-6AC2-4EAD-90AF-88E2FA2A1D70}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{138902BC-114F-49D5-8B83-9A7E4ED0E6DC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{14CA637D-817B-4426-ACCC-CCB32E16973D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{14EB1875-F077-4CAF-BCC2-261913557DA8}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{14EF3069-DD6D-4235-A33B-60AAB54CBAEE}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{187FF5C9-69A5-4D54-B859-40BC79270686}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{19E019FE-D209-4ACB-8BC0-4A10F5096FA2}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1A2424BC-3C26-4885-B6B5-FCD4EAD7489E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1A3B7000-58A7-4317-9562-1C8FE294289C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1A806100-E642-4653-8C6F-611F64F9744A}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1BC3F5CB-EE31-488B-8130-0F2D13DE5390}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1CDF5015-D7AB-45D1-9DC2-4474AC583844}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1E3025B0-64B6-4938-8547-35FE1913B8BD}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1EAC0F0D-4081-480F-80CA-B688E1F6CE02}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{20372DCC-472B-452D-95B6-37FC74AF31A9}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{21BD2FE9-AC07-4ED5-B27A-918578AFB2D8}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{22222D66-3AC2-477A-B7B0-C3334CB4509C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{22CEBDC4-1928-4035-B2BA-5AFC46244590}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{23081BF4-ECDA-4E05-A772-5CD618843BAB}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2318079A-2D5C-4D1D-8BD1-990F38B572A8}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{236681BB-94C9-4B0D-B101-5BA270C4B4F3}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{23A314F4-400E-4FEB-9B25-F52BD21325E9}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{244F250D-83C6-4C62-92F5-4A17BF58851F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{247EA3D8-087E-423B-8999-BBE598C079F0}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{24973656-36C6-43AC-AAAA-1A92EBA1428E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{25E9A4F4-B511-4222-9452-0D75DADCEEBD}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2622A8E2-CB67-4FAB-8BE0-59374C05CE3D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{271A8479-FF0E-43FE-ADB2-119CD52743FE}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{29802EBF-1462-4B2C-ABFF-86B2D43F3429}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2AB640B0-3BC9-4CBD-8E30-3890E6CB7CB0}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2AEC3947-76F5-4944-A8F2-E21B5F014972}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2B01A73B-2681-4BEE-B7E8-BD9B387EEF0F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2B19FFCE-88AB-4015-84D9-0FA7D6235DFF}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2C269C91-73F6-46AA-864B-659BCDC6A149}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2C9AE38A-29EA-4525-BB44-6AD0B3F61E30}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2CB207EC-BB90-4380-8569-EAA69DFA9F5B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2CBB2F23-0807-450A-ADEA-D3DC1E56F9A4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2D27E991-6E4A-45AF-9B1F-77BC9F9932F5}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2D2D8573-6196-48D6-983E-AE836FF84D2E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2D5B3D3A-877A-44D1-8F2F-654CF883B3DD}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2E0CE17E-2D7C-4E2E-8BAA-4F0DD4EB00C3}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{2E477545-8508-474D-89E5-750A4206A351}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{307312E7-4547-4C70-A9F1-335D094F4852}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{31111668-8A3D-495B-B8D8-095976C833C0}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{31F3F775-165C-4F01-A785-DA5446C79619}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{356C255D-0F01-4C77-8E85-3CC95A68DD11}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{360147AF-2A13-4590-B146-4B01556BCF46}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{36791A2E-CE6F-42EF-BA68-0AB2A64B8979}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{36D0BEA8-731D-40B9-AB26-0CFF2DCEA39A}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{379BC36D-BC9D-4958-8682-E71EA121B622}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{38136471-21C3-4E3D-9485-9A6F7FF0AEDA}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{38C0F7D0-CCCD-4D98-8588-4734E67A2BAF}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{390C1E9F-1F8F-491D-8A96-48F4BD03DEF4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{392FDDD6-B35B-44ED-B521-EEE037DECF8B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{399F56F7-F64B-46A7-B8DC-4327090AE1F7}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{39FE66BD-699E-444C-9D4A-69527FD3A1AC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3A3B38B9-B5F3-44FE-9D83-39352591B76D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3A69DB40-FAE5-46FA-ACAD-A14E17D510E0}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3AADF8FA-3641-4CB5-82F6-25C06B28B7C4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3AD331C2-21D0-4E52-9F70-231840B9E160}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3AE365F0-5F20-4D82-A2CE-BB8D273D80DA}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3C7F86D6-D0BF-4465-98E5-A74314CAE2D5}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3CC9D6CD-F0C1-4EDE-BEBA-8516A914203E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3CD5E5BD-8F71-4222-86BC-3753071D8CDF}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3D5CF262-7DB6-4B14-8FC9-8A208D6C3CE1}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3EB85CFF-1C7E-40F1-ACEC-10CBCCA24D4F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{3EEA9E1F-C035-4D71-AE70-9CECB056F27D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{40259F41-482B-48A7-A582-1FCCBBC142FA}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{40AE4146-4DD5-4EB2-9A8B-FAEDF6FF36F6}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{41D100D3-7CA7-4D55-9185-76A14ADF02B1}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4242F997-4892-4E17-A038-BCC1973E0C19}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{424ED7F0-0FA7-4B0F-B1AB-E83C5998BC1D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{425A53BE-3A42-493A-9781-9520DC2C56CA}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{43927AF1-005D-4045-AE56-2F9F7F53FCBB}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{440C0208-4902-4273-8C35-0B111910A12D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4475C490-2F3C-4DAF-A7B8-A37B41EA5F43}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{464E967C-A8B6-4C88-9B89-B45D711C6A3C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{471651FE-D4C6-4268-A4BA-F7D934568180}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{47F10EB1-B68E-4D11-AD56-6BB8A8ACD263}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{483F1513-7945-4001-8BD6-8AA17EED83B2}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{486614CE-AB56-448D-87CD-13B2757CC3AC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{488BFD99-6C40-4EDB-8245-A105FF3A9D0A}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{48B119D9-0D37-49F9-833C-69107DA72330}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{490FA37D-C9B8-4ABA-8123-E065CDCFCA03}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4A94AD6E-DAFD-4460-B429-289969663782}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4D363D01-B805-43F1-BA85-A5A97600C0A3}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4D48A3F6-6A42-4FDC-B6B6-B8C85B1F9D88}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4E249ED8-BA16-4E29-A282-789B882505A9}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4EFA3B26-100F-4416-80BC-940F434DA426}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4EFC01C1-E43E-4101-A2DC-512ED380329F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4F1B2E44-FEDF-408D-902C-9D85FBF67E5A}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4FBB3A7D-F1CC-4B5F-9C1C-7A56698A22AB}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4FEB6C52-283A-487C-8853-EC126C286ACC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{500AFC85-1230-4030-9756-03AE7D034308}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{50B2E073-EC03-4DB1-B7C7-4AB38D3F3B86}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{50D64316-669B-4DD4-AF75-632917C2A2E7}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{515831D2-B1A7-46ED-8AC6-106E112FDA19}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{51B66E84-6BE5-43FC-8133-A2D28958F31B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{52AA4CF7-3678-4501-9D5B-8329CF44BEC4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{52B5B406-092D-4B85-9358-7EDBCEBDB9E1}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{52CAF52C-F1C9-473C-90D8-4B0B21CFF083}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{549A8E66-0F91-4C21-AFF4-AD8F051F676E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{557301D4-7918-456D-BE1E-45C684ECF16F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{567C91A3-9DFA-42B5-BF68-3FCCE78A2AA7}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{56C17D08-E6B8-4C78-A428-DD95FAE15606}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{579B36BA-1479-4570-977B-0CD083E421B2}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{58B12B4B-64BB-412A-BB8E-9B831F0A8651}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5940E984-BC8E-413B-BFEC-C07D45C1CA09}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5A3B8547-49B8-4EC2-A1FE-86452A7AA06F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5B75DF06-4DBE-44F5-B035-71A2F14CA3D1}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5C9AC161-2C68-4109-BC27-FD9B7BC56FDD}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5DCB1DF8-C4AC-4F98-9DF2-C7C16D8EA9FD}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5E1D5C6A-B481-40E2-8BE4-685C263FB64E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5F7E9DB0-A430-4964-B2BB-4A3F164DF05F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{61C7B10C-5B84-4BD0-80FD-6384564BF798}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{629969C3-7E42-4DFC-9A40-2DCB8789E72B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{62D5F046-273D-4E54-B786-653BABB33E43}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6518C7E8-168E-4F96-8982-A568DD39457D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{653009BB-7D83-4F57-A914-C2B3AF7AEFC1}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{653EC3CA-ECFC-4721-8E60-9F834B8643A3}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{657C7415-56FB-449F-AF72-981145462EEB}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6586F64E-22CD-406C-8B75-A2FE1DE9DDE3}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6588DD89-5B62-48B3-BFA6-4AC9B0BDD27E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{65DEFBCE-A64A-41E6-9463-E3F3C7421DEB}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{66447088-208E-4F5B-A56E-97BEEC7B841C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{670CFE02-5C24-48D0-80E4-4BE9B60680C9}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6723435B-B588-4C53-9DFD-D410C281423B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{67FA7761-E0F6-4A63-8F30-88AC5FE9340A}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{683CE762-10E1-4EB9-9C38-0E49F102E090}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{68893195-579A-4346-B22D-CF52C2F66FE5}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{68C03189-2230-4DEC-96EA-5498263552C1}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6B3ACCD9-35BE-4A15-A602-6D030E77CB3E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6E7BFE0B-33BC-45BE-9BD7-F7DE287A54B3}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6EFED313-4C9A-4C68-A6F1-C32B7BA23AFE}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7033B61C-DB58-4336-B39C-6D3AA3C79355}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{707C3217-F59D-41C0-8E90-8DF440EACACB}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{70DB0360-A485-450D-AD80-8F4C69FDA65E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{71B6E7F2-48DA-463C-B06A-98A1BCE1C97A}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{73E7FEE3-EBB5-4735-B4B1-21280B97CFA9}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{740C2E62-B967-48F7-BAB4-88C3EFF1E2F2}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7451A416-F559-414E-B3E8-415179C1F2C7}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7657E90D-7804-46F4-AC0F-A5CA61A0926F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{76FEBCF8-9D22-4350-96AC-2453DC687FD8}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7777A4F2-3F42-444A-8CF4-F6A43A578E3F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{778F69F4-B820-4193-B8E4-DA1FCE468C7B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{77F2C13F-EE23-4189-9536-1D732C767F6E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{78128D1A-8947-4856-A6DB-ED8FA12A88BC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{78B7AE8E-C873-43EA-ABDA-89246F232832}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7918D525-0E05-4686-ABA6-308BD857DF85}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7DC2C866-24DC-444C-A0B7-5C1543A868F4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7E4F091A-7E89-40C7-A289-6B708951B2E2}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7E6402C8-3850-4BAD-A0CC-37D9AE578A5E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7F4D41F2-C282-489A-9A4F-44B46C6A6233}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7F78D8E8-159F-4C0F-8249-9F99647F0393}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{7FCC2419-514F-40F1-8CB7-5BD40CBEF1AA}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{801B7610-5A12-4D33-858D-25AF95821586}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8086E527-458F-44A1-86A3-6BB86D1047BD}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{80C37765-7563-48C2-9808-50255A780ADA}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{810DDA05-07C4-4EBE-BDA2-ED4724B595EB}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{817102AB-D4F2-485D-8D99-EE554F6283FC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{819AF3A7-B35C-415B-B856-667D2590E797}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{81ED2EE3-5FFB-4F2D-BAE7-A2C8A0869035}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{83CB8C17-6842-4BCD-95E0-7B4FF0526CB3}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{844D2849-A75F-48AF-94DB-FBECFE2DEC1A}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{85B2CE70-0BDC-4A49-9E70-B56D5B8AE329}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{86206B67-0636-4339-9276-416E7D8B29EC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{86FD3316-A550-4B75-B94B-0F2B51CF685D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{87D8EAD7-8C8E-412E-ABB4-84FF8925C61F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{88932B39-1F4C-4B0B-8B98-2D6FED02FCEF}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{890FDD55-A69E-4F1A-889C-6215B0C4CEC7}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8A723D23-23CD-4BF9-A223-3A8840DE9760}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8A92D44B-ADE6-4D16-AB17-F4758E841FC6}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8AD838C0-251D-4A08-9EEA-926F2A0F5916}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8C027D7C-5933-41EE-9DED-7E459C6C957F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8CDEC0EA-1F89-4724-B45D-E93AEFFEAA15}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8D474A2F-7121-49D2-AD9D-F18FD789326C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8F71DFD8-F7DC-4A16-BAD2-20C9D822FC2B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{8F8FA09D-5684-415D-ABC6-974FE7EDBAE3}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{90975B23-5E8D-48F4-9FB9-3EA288607F62}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{90D63E54-E4CC-47E4-9AB3-C35C7C048B4C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{90E33C16-3626-4E8C-9A80-EFB89A7AC19F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{91203673-4313-4958-BE27-F71931BA080E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{921E554F-A32B-4F41-8920-FB29680F197D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{92A4D77F-3C2A-4AAB-912B-4EACD6DD37CE}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{92D4AA0C-D57C-4E21-A1B2-FFED6572A099}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{92EA99F0-A20B-4D81-A290-17E313774B30}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{94300C87-203A-4551-A184-97321A46A474}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{958BD507-E764-4B44-82C0-21480A2168E3}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{96193E11-6B80-4BC2-A8F6-8DC0FAF0B925}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{97B1C750-A2D4-4627-A21E-F8D0905D7832}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9813AA3E-8941-48EB-B4D8-E4CFA631AFF9}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{985777BB-52BC-47BD-997A-633B62FBABF0}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{98F824C2-BE54-4CB9-8CAB-61F381668055}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{99F671E0-A50C-4EC1-A122-B65016580F80}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9A11B7F9-9A0C-497F-952A-B04C144DA784}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9A21370C-3C18-4DE8-9D30-F41C44E56F06}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9A5D95DA-F455-42C6-B8BA-5F51E4FB5B9E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9B36CEEE-FA84-443C-9B63-BE44BFFA7EA8}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9BC89241-94C6-4676-8F2F-DE773D97CDC5}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9BFCF946-E2A0-46D1-821F-6F2E4BC663CF}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9CDAC1D0-AF99-4370-B2E7-DF3EE5830F31}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9DC8A1A9-1000-4F25-AD57-877247A388CF}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9E4A1DAB-DA60-4B36-8200-695DC4976FAF}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9E6EB1EB-92C1-4951-9E2A-EDFD61C6A8CC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{9FF654AA-CA42-458A-82CA-7FF11C4939DC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A03CDDEF-53C9-4B96-A3C5-F32E7D7751DB}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A24F3A76-3613-4600-A1B2-845C2D2CABA0}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A3E1DAE5-08E4-4B53-8C3A-7890326C8BF5}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A48B31BD-994E-4BDD-808C-1C8E0888E84B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A4AFFD63-BC88-4CE3-937C-687F38A41815}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A5172AA5-B8A7-4768-8996-AC7857AE381C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A5C6E5FF-5041-49A8-A311-CCB46CDC939E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A5EF2315-FF0E-47BA-90DE-C27C9F3165F8}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A6FE5EAD-F504-4B86-A99D-0519511B02E0}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A7A3A624-98F9-418F-909D-FD71AB36B6E7}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A9998377-06CC-4464-B51D-E53EC4AC75EF}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{A9E8A448-73F2-4F15-99D8-923EE676B132}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{AA3E59B6-577B-4A08-A2A4-873FA8E8A806}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{AB917FF5-A568-4240-A13B-AAF9ADE83659}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{AC41E1EF-EC21-4CC3-9E24-6758BEA46E25}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{AD1CBC96-66B3-4383-94F0-7A60C63A373E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{ADBC6635-6560-4E07-AB52-3FC0AF61CBD5}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B00A8355-1C7F-407E-AF5E-A1AF6DEBF162}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B0146E1E-57CC-4736-911E-CC90053507F6}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B187FA47-E66C-454A-BFE6-615E829A287F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B1FF0A44-87B3-4A75-85C6-7687191F0069}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B3AC75FF-EDC4-43CA-B8CF-5F413851D8DE}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B411893E-C22C-4B05-9B8A-12A8E4BAEFBF}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B95FDEEC-E6B3-4FD7-9586-853AF810AAFE}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{B9FCDE01-4544-4E25-9D06-AA6E3A3DD9A4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BA395823-B4C4-4C78-A341-71FA1738B475}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BA476625-BA35-46E3-80B1-BEE361BFD7DF}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BB0E3A32-EDCF-4DBB-A528-0DEBDEB8D42F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BB59D759-2BC4-476C-90D8-4A8464289C4D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BBE84428-9864-4F85-A732-6BA6CE72C504}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BC1114FC-64AF-4B6B-BC25-0127EB959D64}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BC18AD11-4C17-4793-AE91-CB4278C8DA86}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BD0AB58E-EDF2-460F-8F21-2DE83EB33B53}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BD3FB0C6-C7D7-4856-958D-9E06CB75848B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BD9EAF22-CCB7-46E3-8E3F-CD6239154BAF}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BF1CF53F-25AB-4F16-BF5B-978AE3FE8682}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{BFEEF296-57F2-4F63-94E0-9DF6DF0627CD}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C38A160C-D62F-4385-9088-8E88F416AEB5}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C56D49B1-7F1F-419D-A5FD-841EE4AE9479}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C5B62D6A-BD8A-4226-86FF-A69D1A67E0F5}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C63B0F83-6797-49F1-9EA2-A82ADBAF2DD4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C9CE3C22-6CD0-4C80-945C-DA290CCB2F8C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C9E04760-9A30-4372-B4DE-882AA7B4EBFC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C9F3CDA2-7515-4878-BE51-0C5059F1055C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CA3D682E-949C-430E-B5A8-C82767F4213F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CB5002D9-C66E-458F-9DDB-65AD0EEE7239}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CB88BFEA-C5E3-4EE4-8BC6-3A0A587C2687}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CBC01C32-196B-4B66-BA0D-9188916A2D76}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CC6A382F-7450-49EC-BFC8-B61A01D6D5B0}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CC81C7DE-8C2E-4FD8-9A90-6757FB756E5C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CC94F686-FCF6-485E-9A94-3D2FCC7B7E25}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CEDC1C22-81E9-4AC5-92CE-A2F88665449C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{CF51A888-81B7-4A99-A147-161DEC2C5E97}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D053AE15-F727-45AE-B2F9-26F0CC6738E5}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D0F7085D-CA45-4552-966F-E72BE2BBD684}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D11D182B-1402-4C10-916F-3D09D3143F1F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D21D91E8-5B98-48F4-B8C8-14BA0DA47BC1}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D2320452-AB2E-4D81-BD94-ED2CE3517B63}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D32F5634-F1CF-4FAF-90C7-CB320FA12962}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D44542D3-E863-4139-8138-24F1BD5743D1}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D48349FA-7851-4BAD-9593-E104969D361B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D50F76B9-210B-411B-8D68-A86F2FFE3CB6}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D616A1E1-5E5B-407A-889A-0CAC58ED2BE4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D61F5DAD-45EF-428A-9A72-53B5337881F0}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D7350731-7EB1-4A4B-8E6A-E440E6C7A85B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D7CE3624-B9F4-4340-B54D-E549D190F461}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D92E2721-9BD1-461B-BEA6-698FEE17BCC6}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DA69AB5C-3731-4DF3-A61C-653D1F7DBFA4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DA7D2B3E-019F-48FB-B888-8DC8ED16A939}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DACFBFD6-B892-496F-A459-D8CBB00E2FE6}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DAF591E1-EBE7-4E22-9A67-68E43BA60162}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DB731382-629E-46C2-8EF1-ABE274E9D887}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DC97135C-E41C-4D34-B426-F900E4C8C259}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DCF651DA-7F3F-497A-85F5-6DF8D3D954AC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DEE8CD07-D320-4428-AD43-39C8968B7592}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DEE976F8-CE82-44B3-B4CE-406BCEEB9484}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{DF5F05EB-F8C9-4281-AF7D-EFF3838DFC64}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E0323266-88FD-49F1-AB0D-6D467FFF41EC}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E204F484-337D-4CFA-83C0-9CA2D65D7000}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E2D4617A-F44B-4C3B-905C-7DC412EABA4A}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E37E6910-FAD4-4AA5-9D0B-CC719AC42AEB}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E395AC9F-3233-4F90-8787-3E2158B35017}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E409BE76-211D-44EF-8BED-DD0D5250B04D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E4E835C5-7979-4BDB-8ADD-98B03036269E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E6461715-4C00-4FEC-A882-E3F2F2D2127B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E64C2A66-63A9-4423-A5F2-152BE10D57A2}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E7238A81-0535-48E0-8A1C-F34A9DB19FA8}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E7C97F68-CA03-42C8-9BA3-D27CF2379BEF}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E8B644D8-3E2D-48A8-86D7-585772712F72}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E9346E80-19D0-498D-80A0-C5C1460F9F37}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EA52F72B-8C46-4732-BCBA-BC0F998CA0F0}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EB223433-5D22-494B-B2FA-F8141C2F694F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EB96398B-B85B-40D2-A3CF-592D0E85E164}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EBAE2A5F-2D20-4625-8AC9-BBF061519873}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EC347A49-F397-4185-B1A7-4A24564BEA5B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EC34A816-756E-4909-8478-242E430CFFD3}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EC38D02E-8D20-4788-A9C2-7B50A929BFF9}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{ECAE18A7-D48E-4CEB-967E-B8EB41A7DE2F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{ECDE1EE7-F125-40C4-BEC1-CEC4F85A2536}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EE808315-979D-48A0-9ACC-1583D93D445C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EE8C29E5-06A5-40B0-9B62-3405B3F535F4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{EF7A7812-56D6-4899-87C5-CE4E20C0CC74}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F05B0233-B810-435D-9039-3017CBBF0392}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F096B8E9-EBE1-4AD0-9FAB-FDF88457117C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F196FB9C-A9B3-4801-B192-9AD9EC1C1F97}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F22EF3F8-915D-4E48-A47B-FEB003536CBB}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F2A9CD24-1FD0-4A29-B51D-C25531938AA3}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F2CDA0E2-9D4D-490B-B286-4FC9FF7BBF00}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F36368CD-A694-4C29-8E3F-FFC440E2A4D4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F3822306-D32B-4086-A0C9-55365F81E793}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F41B8519-23CC-48E1-8C29-EF76EB9DC101}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F559E46B-CA49-4CBB-AE41-7DB05F43E1D5}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F5765B39-4978-4E09-B323-4AD8213197D7}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F5C97EC2-CE17-442F-A9E0-7D9EF3B9B7B6}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F62EFC90-CFFA-4994-8271-8A036F6C5E90}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F6493166-F398-4C0A-97B9-19B50C0150DB}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F85061CF-D321-4583-98B5-C09AF01D9231}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F8CF38BF-C61E-4F20-99A9-48C962B95702}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F9015FDB-C017-44BA-936E-A345D5F8D86F}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F94FE6E6-FD76-48B2-94AD-B89ECE3554E0}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F951EEB7-82B6-480D-B26E-DD296606D5AD}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F987822F-9731-47A0-ABB0-4189C70B43C1}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FA0A9782-2EDC-48C1-9C5F-A7A67B181003}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FA52D3B4-F3F3-41A9-B270-4901D1824B1B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FA5E45A8-68BE-4E59-8673-134FD3277D3E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FAE70310-3E31-4040-ADEB-008E60957E06}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FD08C757-4563-446D-B52C-66B1D742D50B}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FE89D105-3980-4E5D-A741-D045306E8200}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FFB3B458-9B7E-4D93-BBD5-5CFB81A29B6A}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FFE3ACCD-7608-4DD6-BB05-768E01E70E21}



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 28/09/2014 at 9:45:34.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites
Juliet

Juliet

Posted
Posted

used to had Trend but have since stopped using as license expired

Then you need to remove it.

 

scroll through the list of currently installed programs and uninstall any of these items listed below, if found.

iStartSurf uninstaller,

iStartSurf NewTab,

Wsys Control

WPM17.8.0.3159,

Extended Protection,

IePluginService,

SupTab

and any other recently installed unknown program from your computer.

 

 

Open Internet Explorer, click on the gear icon in the upper right part of your browser, then click again on Internet Options.

In the Internet Options dialog box, click on the Advanced tab, then click on the Reset button.

In the Reset Internet Explorer settings section, select the Delete personal settings check box, then click on Reset button.

When Internet Explorer has completed its task, click on the Close button in the confirmation dialogue box. You will now need to close your browser,

 

 

Click on the Chrome menu buttonClipboard01_zps2e55f676.jpgon the browser toolbar, select Tools, and then click on Extensions.

In the Extensions tab, remove iStartSurf NewTab, Extended Protection 1.9, Lightning Newtab and any other unknown extensions by clicking the trash can.

Basically, if you have not installed a Chrome extension, you should remove it from your web browser.

 

NEXT

Click the Chrome menu Chrome menu button, Clipboard01_zps2e55f676.jpg then select Settings and click on Manage search engines in the Search section.

In the Search Engines dialog that appears, select Google and click the Make Default button that appears in the row.

Search for iStartSurf in the Search Engines list, and click the X button that appears at the end of the row.

 

Change Google Chrome homepage from iStartSurf.com to its default.

iStartSurf has modified your Google settings to open their webpage whenever you start your browser, so we will need to revert this change.

 

Click the Chrome menu Chrome menu button Clipboard01_zps2e55f676.jpg, then select Settings and click on One the New Tab page in the On Startup section.

 

 

 

 

In Chrome you will need to reset your default search option manually.

To do this:

Click the Chrome menu on the browser toolbar Clipboard01_zps2e55f676.jpg

Select Settings.

In the Search section, click Manage search engines.

Check if (Default) is displayed next to your preferred search engine (such as Google). If not, hover the mouse over it and click to make Google default.

Hover the mouse over any other suspicious search engine entries istartsurf and any others that are not familiar and click X to remove them.

Reboot

 

********************

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisment.

 

 

adwcleaner_download.png

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
  • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
~~~~~~~~~~~~~~~~~~~~~~~~~

 

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Dections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Shortcut Cleaner

    http://www.bleepingcomputer.com/download/shortcut-cleaner/

     

    Shortcut Cleaner is a utility that will scan your computer for Windows shortcuts that have been hijacked by unwanted or malicious software. When Shortcut Cleaner finds bad shortcuts, it will automatically clean them so that they do not open unwanted programs.

     

     

    Please post:

    C:\AdwCleaner.txt

    Malwarebytes log

    sc-cleaner.txt

Link to post
Share on other sites
mattyang

mattyang

Posted
  • Author
Posted (edited)

Then you need to remove it.

 

scroll through the list of currently installed programs and uninstall any of these items listed below, if found.

iStartSurf uninstaller,

iStartSurf NewTab,

Wsys Control

WPM17.8.0.3159,

Extended Protection,

IePluginService,

SupTab

and any other recently installed unknown program from your computer.

 

Ok I can see how this is going to be a long drawn out process of cleaning up my notebook.

 

So far I did uninstalled Trend from my notebook from the list of programs installed. Have gone through the list again but its not found there, am I missing a step somewhere?

 

Also did a search for the mentioned programs to be uninstalled but did not find any.

 

Browsers issued solved after running Adwcleaner. Result as follows:

 

# AdwCleaner v3.310 - Report created 28/09/2014 at 12:26:14

# Updated 12/09/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

# Username : Matt - MATT-PC

# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\AVG Security Toolbar

Folder Deleted : C:\Program Files\globalUpdate

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\Users\Matt\AppData\Local\globalUpdate

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

Shortcut Disinfected : C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Shortcut Disinfected : C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Shortcut Disinfected : C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Shortcut Disinfected : C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

Shortcut Disinfected : C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command

Key Deleted : HKCU\Software\GlobalUpdate

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\vShare.tv

Key Deleted : HKLM\SOFTWARE\GlobalUpdate

Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17280

 

 

-\\ Mozilla Firefox v32.0.3 (x86 en-GB)

 

[ File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\p3dkmt60.default-1411826126322\prefs.js ]

 

 

-\\ Google Chrome v37.0.2062.124

 

[ File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://startsear.ch/?aff=1&q={searchTerms}

Deleted [search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX&q={searchTerms}

Deleted [startup_urls] : hxxp://www.istartsurf.com/?type=hp&ts=1411813995&from=ild&uid=HitachiXHTS545050B9A300_100309PBN40617CMHYMEX

 

*************************

 

AdwCleaner[R0].txt - [11034 octets] - [28/09/2014 12:13:17]

AdwCleaner[s0].txt - [10050 octets] - [28/09/2014 12:26:14]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10111 octets] ##########

 

 

Malwarebyte scan results:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 28/9/2014

Scan Time: 3:46:19 PM

Logfile: malware scan.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.28.02

Rootkit Database: v2014.09.19.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x86

File System: NTFS

User: Matt

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 300461

Time Elapsed: 13 min, 42 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

SC Cleaner scan result:

 

Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2014 BleepingComputer.com

More Information about Shortcut Cleaner can be found at this link:

http://www.bleepingcomputer.com/download/shortcut-cleaner/

 

Windows Version: Windows 7 Home Premium Service Pack 1

Program started at: 09/28/2014 04:02:33 PM.

 

Scanning for registry hijacks:

 

* No issues found in the Registry.

 

Searching for Hijacked Shortcuts:

 

Searching C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\

 

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

 

Searching C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

 

Searching C:\Users\Public\Desktop\

 

Searching C:\Users\Matt\Desktop

 

 

0 bad shortcuts found.

 

Program finished at: 09/28/2014 04:02:37 PM

Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)

 

Edited by mattboy
Link to post
Share on other sites
Juliet

Juliet

Posted
Posted

 

Browsers issued solved after running Adwcleaner. Result as follows:

 

yeah!

 

OK, this last scan should be the last one we have to do.

 

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course how full your computer is.

 

 

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note:

    For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan.

 

Link to post
Share on other sites
mattyang

mattyang

Posted
  • Author
Posted

Hi Juliet, result of ESET Online scan as follows:

 

C:\$Recycle.Bin\S-1-5-21-2988392325-1286642985-2377832700-1005\$RZCNRZM\4s4eywhw.default\extensions\[email protected]\uninstall.exe Win32/Toolbar.Montiera.B potentially unwanted application
C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Matt\AppData\Roaming\DJZBF JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Matt\AppData\Roaming\FWVJSTT JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe Win32/Toolbar.Montiera.B potentially unwanted application
C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe Win32/Toolbar.Montiera.B potentially unwanted application
C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe Win32/Toolbar.Montiera.E potentially unwanted application
C:\Users\Matt\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Matt\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Matt\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Matt\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Matt\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Matt\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Matt\Downloads\zafwSetupWeb_133_052_000.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Windows\Installer\MSI2076.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\Installer\MSI2434.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

Link to post
Share on other sites
Juliet

Juliet

Posted
Posted

Good deal

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

start

CloseProcesses:

C:\$Recycle.Bin\S-1-5-21-2988392325-1286642985-2377832700-1005\$RZCNRZM\4s4eywhw.default\extensions\[email protected]\uninstall.exe

C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll

C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe

C:\Program Files\CheckPoint\Install\CUninstallerZA.exe

C:\Users\Matt\AppData\Roaming\DJZBF

C:\Users\Matt\AppData\Roaming\FWVJSTT

C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe

C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe

C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe

C:\Users\Matt\Downloads\ccsetup413.exe

C:\Users\Matt\Downloads\ccsetup414.exe

C:\Users\Matt\Downloads\ccsetup415.exe

C:\Users\Matt\Downloads\ccsetup416.exe

C:\Users\Matt\Downloads\ccsetup417.exe

C:\Users\Matt\Downloads\CuteWriter.exe

C:\Users\Matt\Downloads\zafwSetupWeb_133_052_000.exe

C:\Windows\Installer\MSI2076.tmp

C:\Windows\Installer\MSI2434.tmp

EmptyTemp:

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

******************

 

Please run this security check.

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Post these 2 logs please

 

How's your computer now?

Link to post
Share on other sites
mattyang

mattyang

Posted
  • Author
Posted (edited)

Hi Juliet, please find the result of both scans:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2014
Ran by Matt at 2014-09-30 18:56:53 Run:2
Running from C:\Users\Matt\Desktop
Loaded Profile: Matt (Available profiles: Matt)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\$Recycle.Bin\S-1-5-21-2988392325-1286642985-2377832700-1005\$RZCNRZM\4s4eywhw.default\extensions\[email protected]\uninstall.exe
C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll
C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe
C:\Program Files\CheckPoint\Install\CUninstallerZA.exe
C:\Users\Matt\AppData\Roaming\DJZBF
C:\Users\Matt\AppData\Roaming\FWVJSTT
C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe
C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe
C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe
C:\Users\Matt\Downloads\ccsetup413.exe
C:\Users\Matt\Downloads\ccsetup414.exe
C:\Users\Matt\Downloads\ccsetup415.exe
C:\Users\Matt\Downloads\ccsetup416.exe
C:\Users\Matt\Downloads\ccsetup417.exe
C:\Users\Matt\Downloads\CuteWriter.exe
C:\Users\Matt\Downloads\zafwSetupWeb_133_052_000.exe
C:\Windows\Installer\MSI2076.tmp
C:\Windows\Installer\MSI2434.tmp
EmptyTemp:
End
*****************

Processes closed successfully.
C:\$Recycle.Bin\S-1-5-21-2988392325-1286642985-2377832700-1005\$RZCNRZM\4s4eywhw.default\extensions\[email protected]\uninstall.exe => Moved successfully.
C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll => Moved successfully.
C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe => Moved successfully.
C:\Program Files\CheckPoint\Install\CUninstallerZA.exe => Moved successfully.
C:\Users\Matt\AppData\Roaming\DJZBF => Moved successfully.
C:\Users\Matt\AppData\Roaming\FWVJSTT => Moved successfully.
C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe => Moved successfully.
C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe => Moved successfully.
C:\Users\Matt\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe => Moved successfully.
C:\Users\Matt\Downloads\ccsetup413.exe => Moved successfully.
C:\Users\Matt\Downloads\ccsetup414.exe => Moved successfully.
C:\Users\Matt\Downloads\ccsetup415.exe => Moved successfully.
C:\Users\Matt\Downloads\ccsetup416.exe => Moved successfully.
C:\Users\Matt\Downloads\ccsetup417.exe => Moved successfully.
C:\Users\Matt\Downloads\CuteWriter.exe => Moved successfully.
C:\Users\Matt\Downloads\zafwSetupWeb_133_052_000.exe => Moved successfully.
C:\Windows\Installer\MSI2076.tmp => Moved successfully.
C:\Windows\Installer\MSI2434.tmp => Moved successfully.
EmptyTemp: => Removed 449.5 MB temporary data.


The system needed a reboot.

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
AVG Web TuneUp
CCleaner
Java 7 Update 67
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (32.0.3)
Google Chrome 37.0.2062.120
Google Chrome 37.0.2062.124
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
CheckPoint ZoneAlarm ZaPrivacyService.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

So far everything looks ok but my main concern now is that since I am actually using free ware from AVG, would it mean my level of protection will be less "pro-active" in that sense?

Edited by mattboy
Link to post
Share on other sites
Juliet

Juliet

Posted
Posted

Many people use AVG and feel very secure. Securing a computer is done in layered applications that handle different jobs in 'holding down the fort.'

In this reply I'll give options in security programs that explain how and why.

 

Let's remove tools and quarantine folders now since we're done here.

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked

    Also tick:

  • Create registry backup
  • Click Run
  • Purge system restore

    delfix.jpg

  • Any other tools and files found can simply be deleted or uninstall via Add/Remove Programs in the Control Panel etc.

     

    ~~~~~~~~~~~~~~~~~~~~~~~~`

     

    Your good to go, good job!

     

    Please take the time to read over a few of my preventive tips.

     

    Computer Security

    http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Be prepared for CryptoLocker:

     

    Cryptolocker Ransomware: What You Need To Know

     

    CryptoLocker Ransomware Information Guide and FAQ

     

    to help protect your computer in the future I recommend that you get the following free programmes:

     

    CryptoPrevent install this programme to lock down and prevent crypto ransome ware

     

    CryptoPrevent.JPG

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

     

     

    Firefox 3

    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

     

    AdblockPlus

  • AdblockPlus, Surf the web without annoying ads!
  • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
  • Protects your online privacy
  • Two-click installation, It's free!
  • click the icon that corresponds to your browser and download.
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Green should be good to go
  • Yellow for caution
  • Red to stop
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    How to prevent Malware: Created by Miekiemoes

     

     

    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java

    See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/

    and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755

     

    I would recommend that you completely uninstall Java unless you need it to run an important software.

    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))

     

     

    Avoid P2P

     

    P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

     

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.

  • FBI Cyber Education Letter

    USAToday

    infoworld

  • *********************************************

    Please read the following safe computing articles..

     

    Secure My Computer: A Layered Approach

     

     

    Free Antivirus-AntiSpyware-Firewall SoftwareKeep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

     

     

  • It is possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC
Link to post
Share on other sites
caintry_boy

caintry_boy

Posted
Posted

Thank you very much Juliet for your patience in guarding me through the process of cleaning up my notebook. Indeed you are a beacon of light to guide lost souls like me in this rapid changing tech world.... :clap:

 

:worship:

 

 

 

 

:geezer:

Link to post
Share on other sites
Juliet

Juliet

Posted
Posted

 

Thank you very much Juliet for your patience in guarding me through the process of cleaning up my notebook. Indeed you are a beacon of light to guide lost souls like me in this rapid changing tech world.

 

lol

we're glad to help.

 

thank you Roger :)

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing
×
×
  • Create New...