Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

http://uk.woofi.info/ [Closed]


  • This topic is locked This topic is locked

#1
hellomut

hellomut

    Member

  • Member
  • PipPip
  • 39 posts
Hi when I start my laptop instead of IE I get http://uk.woofi.info/ what is this and how do I get rid of it, I am using vista home. I have run microsoft scan and Malwarebytes anti-malware and found nothing.
  • 0

Advertisements


#2
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello hellomut :welcome:

My name is Nutloaf, and I will be helping you with your malware issues.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

Please take time to read all instructions and fixes thoroughly.
  • I would advise printing any instructions for easy reference. Also, some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assitance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


Removing malware is a complicated multiple step process, please stay with me until I have declared your system clean.


Finally before we start:

It is impossible for me to foresee all interactions that may happen between the software on your computer and the tools used to clear you of infection. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

I strongly recommend to backup your personal files and folders before you start the malware removal process.


DOWNLOAD OTL
  • Using this link Download OTL and save it to your Desktop
  • If saved to another location, right click the OTL icon and Select Cut then right click on Desktop and select Paste
  • Right click the OTL icon and select Run as Administrator.
  • Make sure the following boxes are checked:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Purity Check
  • In the Extra Registry box select Use Safe List
  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply

Things I want to see in your next post.
  • OTL.txt
  • Extras.txt

  • 0

#3
hellomut

hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi Nutloaf thanks for your help, here are the reports from the scan you asked me for I think are are what you want.





OTL logfile created on: 11/06/2013 20:47:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 38.05% Memory free
3.25 Gb Paging File | 1.15 Gb Available in Paging File | 35.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 64.37 Gb Free Space | 43.19% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
PRC - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2013/05/16 17:20:32 | 000,029,976 | ---- | M] () -- C:\Program Files\sysTPL\sysTPLMonitor.exe
PRC - [2013/05/15 15:46:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2013/05/15 15:46:22 | 000,813,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/03/21 09:04:26 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/09/03 13:11:26 | 000,323,584 | ---- | M] (Inventec Corp.) -- C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe
PRC - [2008/08/12 16:21:12 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/21 03:34:31 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2003/06/12 02:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2013/06/03 10:57:01 | 002,521,552 | ---- | M] () -- c:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2013/04/03 11:50:23 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2003/06/12 02:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Services (SafeList) ==========

SRV - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2013/05/16 17:20:32 | 000,032,024 | ---- | M] () [Auto | Stopped] -- C:\Program Files\sysTPL\sysTPLService.exe -- (sysTPLService.exe)
SRV - [2013/05/16 17:20:32 | 000,029,976 | ---- | M] () [Auto | Running] -- C:\Program Files\sysTPL\sysTPLMonitor.exe -- (sysTPLMonitor.exe)
SRV - [2013/05/15 15:46:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/03/01 13:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SPIXNEW.SYS -- (SUNPLUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\shadbolt\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/04/03 11:50:18 | 000,317,112 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_51755.sys -- (RapportCerberus_51755)
DRV - [2013/03/21 09:04:42 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/03/21 09:04:42 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/03/21 09:04:42 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/01 08:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/22 10:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/15 17:00:06 | 000,016,384 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FSCSLII.sys -- (FSCSLII)
DRV - [2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/10/31 11:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/10/31 11:23:00 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/29 13:30:52 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.woofi.info
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.co.uk/ [binary data]
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{24565CBD-AB93-48A0-AF1E-6416D26A4742}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{BBD50584-789C-4338-BD79-FDF22CD2C285}: "URL" = http://websearch.ask...E-6F0510AB8208
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/08/13 10:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [sysTPL] C:\Program Files\sysTPL\sysTPL.exe ()
O4 - HKLM..\Run: [Touchpad_Hotkey] C:\Program Files\FSC\Wireless Utility\Touchpad Hotkey.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless_Selector] C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe (Inventec Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947C342D-E596-4FCA-961C-2CF318C18106}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/11 20:42:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
[2013/06/09 17:16:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Malwarebytes
[2013/06/09 17:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/09 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/09 17:15:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/09 17:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/09 10:36:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Local\Apps
[2013/05/26 12:05:21 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Rovio
[2013/05/26 12:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2013/05/26 12:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Rovio
[2013/05/26 12:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\enginesysTPL
[2013/05/26 12:00:25 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2013/05/26 11:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\sysTPL
[2013/05/26 11:58:50 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Tlapia
[2013/05/15 10:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013/05/15 10:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/11 20:48:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 20:48:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
[2013/06/09 18:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/09 17:59:13 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/09 17:16:21 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/09 15:58:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/09 14:47:33 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/06/09 14:47:30 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/09 14:47:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/09 14:46:36 | 1608,900,608 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/09 14:45:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/05/31 18:14:45 | 000,002,637 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2013/05/30 00:06:15 | 190,565,979 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/26 12:05:03 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2013/05/26 12:02:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\wget-log
[2013/05/24 15:25:36 | 000,001,995 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/24 15:25:36 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/23 08:50:36 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/23 08:50:36 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/15 10:57:40 | 000,372,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/13 08:55:46 | 000,030,916 | ---- | M] () -- C:\Users\shadbolt\Desktop\944280_10200970758821450_485151624_n[1].jpg
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/09 17:16:21 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/26 12:05:03 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2013/05/26 12:02:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wget-log
[2013/05/13 08:57:52 | 000,030,916 | ---- | C] () -- C:\Users\shadbolt\Desktop\944280_10200970758821450_485151624_n[1].jpg
[2012/09/01 18:00:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/01/13 16:06:11 | 000,036,587 | ---- | C] () -- C:\Windows\unvpeye.ini
[2010/08/06 20:04:07 | 000,013,312 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 20:18:37 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/04 20:14:40 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/29 20:51:13 | 000,000,680 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/13 10:11:15 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\Babylon
[2010/08/10 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\DriverCure
[2013/05/26 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\Rovio
[2013/05/26 12:03:05 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\Tlapia

========== Purity Check ==========



< End of report >

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 38.05% Memory free
3.25 Gb Paging File | 1.15 Gb Available in Paging File | 35.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 64.37 Gb Free Space | 43.19% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E2C0250-7AE5-4151-9D15-A9C9638063C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2279B924-6ECC-4CE9-BF51-7B652F4FC377}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{400345B6-B29E-4910-8246-BDADB92C181E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A9FE20C-1B30-4A8E-847F-A43A00F1AA93}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{579A72EB-59EC-46FD-A2B5-ECBA30771282}" = lport=2869 | protocol=6 | dir=in | app=system |
"{602DC809-86EB-44A4-8135-5BED17A8267F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FBC7D60-5253-421C-9251-37C18545EB81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F4A6644-71BB-4034-89F6-9E10527A417C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A3672045-1DBE-45F9-80B6-021638F0C5C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD8E8D70-17DF-4681-B982-3F5A231E78E5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CDB0F1D8-C28B-477D-906C-BA6CCE90B56A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D00D35D1-9734-4288-986E-2DC7173960F4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{D26684FB-A868-44B5-8354-C2156AA5F434}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FF4581A9-4EE8-4710-97C5-7E9396E042A8}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C8121B-FCDC-419A-8154-EB3123B99851}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2CD9BDDB-8B78-4151-9EB3-5793FECAA73D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{392851F9-9A6A-4E74-ABA5-30A4807940D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43F11DEB-C794-4427-8F20-056A82FD7C2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{446933C3-18A8-4C68-9C4A-518FE23CD91B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{456EE8C0-E3F7-47F2-80AD-02EAE34525F4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{45F13DB1-72E3-428F-B0A7-7BDE3B2B4306}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{47763EDA-9041-40BC-910F-8E87C27B27A4}" = protocol=6 | dir=out | app=system |
"{58938025-154F-4CEC-9D59-C9B94B728E2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{651F276D-F903-440F-8CC3-AED091E2D459}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D1EA845-3ADB-42EE-AEFE-A93511804F57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F11E426-706C-4075-B863-43FA027E31A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92BFA062-E482-4E03-B749-552792D13A4E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A3AA04DA-A246-4820-8326-011BB147C350}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A898AA63-69E7-46C2-9C2E-1B0373E38027}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B9B87347-76AF-4289-A870-FCF9068BEAAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE7B9C89-D908-4201-A37D-A24EED8CBC83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3849FF0-8057-4224-A7D0-F38E9AC23651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{FC04C91A-7ADD-4224-B74A-CE3C70F56760}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59E3B807-2D5A-4AAE-A6C7-62F9A1615E84}" = sysTPL
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{A409B55C-DD9B-4157-86D7-FD6F4F0F2C1A}" = Angry Birds Rio
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CADA6C3C-C7B5-47F3-98C5-0900326B2E79}" = Wireless Utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE1FC5C3-6A09-4D3F-B084-6A5288AFE8F9}" = QuickEngine
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"QuickEngine 1.0.1" = QuickEngine
"Rapport_msi" = Rapport
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/06/2013 04:35:52 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 04:37:15 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 04:52:32 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 04:53:51 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 04:58:24 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 05:02:58 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 05:30:17 | Computer Name = shadbolt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2013 05:30:17 | Computer Name = shadbolt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2013 05:30:17 | Computer Name = shadbolt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2013 05:31:18 | Computer Name = shadbolt-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 11/06/2013 16:01:26 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/06/2013 16:01:26 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/06/2013 16:01:30 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/06/2013 16:01:30 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/06/2013 16:01:37 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/06/2013 16:01:37 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/06/2013 16:02:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/06/2013 16:02:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/06/2013 16:02:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/06/2013 16:02:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 38.05% Memory free
3.25 Gb Paging File | 1.15 Gb Available in Paging File | 35.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 64.37 Gb Free Space | 43.19% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E2C0250-7AE5-4151-9D15-A9C9638063C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2279B924-6ECC-4CE9-BF51-7B652F4FC377}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{400345B6-B29E-4910-8246-BDADB92C181E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A9FE20C-1B30-4A8E-847F-A43A00F1AA93}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{579A72EB-59EC-46FD-A2B5-ECBA30771282}" = lport=2869 | protocol=6 | dir=in | app=system |
"{602DC809-86EB-44A4-8135-5BED17A8267F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FBC7D60-5253-421C-9251-37C18545EB81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F4A6644-71BB-4034-89F6-9E10527A417C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A3672045-1DBE-45F9-80B6-021638F0C5C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD8E8D70-17DF-4681-B982-3F5A231E78E5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CDB0F1D8-C28B-477D-906C-BA6CCE90B56A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D00D35D1-9734-4288-986E-2DC7173960F4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{D26684FB-A868-44B5-8354-C2156AA5F434}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FF4581A9-4EE8-4710-97C5-7E9396E042A8}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C8121B-FCDC-419A-8154-EB3123B99851}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2CD9BDDB-8B78-4151-9EB3-5793FECAA73D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{392851F9-9A6A-4E74-ABA5-30A4807940D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43F11DEB-C794-4427-8F20-056A82FD7C2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{446933C3-18A8-4C68-9C4A-518FE23CD91B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{456EE8C0-E3F7-47F2-80AD-02EAE34525F4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{45F13DB1-72E3-428F-B0A7-7BDE3B2B4306}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{47763EDA-9041-40BC-910F-8E87C27B27A4}" = protocol=6 | dir=out | app=system |
"{58938025-154F-4CEC-9D59-C9B94B728E2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{651F276D-F903-440F-8CC3-AED091E2D459}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D1EA845-3ADB-42EE-AEFE-A93511804F57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F11E426-706C-4075-B863-43FA027E31A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92BFA062-E482-4E03-B749-552792D13A4E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A3AA04DA-A246-4820-8326-011BB147C350}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A898AA63-69E7-46C2-9C2E-1B0373E38027}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B9B87347-76AF-4289-A870-FCF9068BEAAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE7B9C89-D908-4201-A37D-A24EED8CBC83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3849FF0-8057-4224-A7D0-F38E9AC23651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{FC04C91A-7ADD-4224-B74A-CE3C70F56760}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59E3B807-2D5A-4AAE-A6C7-62F9A1615E84}" = sysTPL
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{A409B55C-DD9B-4157-86D7-FD6F4F0F2C1A}" = Angry Birds Rio
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CADA6C3C-C7B5-47F3-98C5-0900326B2E79}" = Wireless Utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE1FC5C3-6A09-4D3F-B084-6A5288AFE8F9}" = QuickEngine
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"QuickEngine 1.0.1" = QuickEngine
"Rapport_msi" = Rapport
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/06/2013 04:35:52 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 04:37:15 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 04:52:32 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 04:53:51 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 04:58:24 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 05:02:58 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 05:30:17 | Computer Name = shadbolt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2013 05:30:17 | Computer Name = shadbolt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2013 05:30:17 | Computer Name = shadbolt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2013 05:31:18 | Computer Name = shadbolt-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 11/06/2013 16:01:26 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/06/2013 16:01:26 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/06/2013 16:01:30 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/06/2013 16:01:30 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/06/2013 16:01:37 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/06/2013 16:01:37 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/06/2013 16:02:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/06/2013 16:02:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/06/2013 16:02:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/06/2013 16:02:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 38.05% Memory free
3.25 Gb Paging File | 1.15 Gb Available in Paging File | 35.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 64.37 Gb Free Space | 43.19% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E2C0250-7AE5-4151-9D15-A9C9638063C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2279B924-6ECC-4CE9-BF51-7B652F4FC377}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{400345B6-B29E-4910-8246-BDADB92C181E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A9FE20C-1B30-4A8E-847F-A43A00F1AA93}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{579A72EB-59EC-46FD-A2B5-ECBA30771282}" = lport=2869 | protocol=6 | dir=in | app=system |
"{602DC809-86EB-44A4-8135-5BED17A8267F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FBC7D60-5253-421C-9251-37C18545EB81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F4A6644-71BB-4034-89F6-9E10527A417C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A3672045-1DBE-45F9-80B6-021638F0C5C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD8E8D70-17DF-4681-B982-3F5A231E78E5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CDB0F1D8-C28B-477D-906C-BA6CCE90B56A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D00D35D1-9734-4288-986E-2DC7173960F4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{D26684FB-A868-44B5-8354-C2156AA5F434}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FF4581A9-4EE8-4710-97C5-7E9396E042A8}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C8121B-FCDC-419A-8154-EB3123B99851}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2CD9BDDB-8B78-4151-9EB3-5793FECAA73D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{392851F9-9A6A-4E74-ABA5-30A4807940D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43F11DEB-C794-4427-8F20-056A82FD7C2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{446933C3-18A8-4C68-9C4A-518FE23CD91B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{456EE8C0-E3F7-47F2-80AD-02EAE34525F4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{45F13DB1-72E3-428F-B0A7-7BDE3B2B4306}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{47763EDA-9041-40BC-910F-8E87C27B27A4}" = protocol=6 | dir=out | app=system |
"{58938025-154F-4CEC-9D59-C9B94B728E2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{651F276D-F903-440F-8CC3-AED091E2D459}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D1EA845-3ADB-42EE-AEFE-A93511804F57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F11E426-706C-4075-B863-43FA027E31A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92BFA062-E482-4E03-B749-552792D13A4E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A3AA04DA-A246-4820-8326-011BB147C350}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A898AA63-69E7-46C2-9C2E-1B0373E38027}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B9B87347-76AF-4289-A870-FCF9068BEAAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE7B9C89-D908-4201-A37D-A24EED8CBC83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3849FF0-8057-4224-A7D0-F38E9AC23651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{FC04C91A-7ADD-4224-B74A-CE3C70F56760}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59E3B807-2D5A-4AAE-A6C7-62F9A1615E84}" = sysTPL
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{A409B55C-DD9B-4157-86D7-FD6F4F0F2C1A}" = Angry Birds Rio
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CADA6C3C-C7B5-47F3-98C5-0900326B2E79}" = Wireless Utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE1FC5C3-6A09-4D3F-B084-6A5288AFE8F9}" = QuickEngine
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"QuickEngine 1.0.1" = QuickEngine
"Rapport_msi" = Rapport
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/06/2013 04:35:52 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 04:37:15 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 04:52:32 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 04:53:51 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 04:58:24 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 05:02:58 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 11/06/2013 05:30:17 | Computer Name = shadbolt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2013 05:30:17 | Computer Name = shadbolt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2013 05:30:17 | Computer Name = shadbolt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2013 05:31:18 | Computer Name = shadbolt-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 11/06/2013 16:01:26 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/06/2013 16:01:26 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/06/2013 16:01:30 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/06/2013 16:01:30 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/06/2013 16:01:37 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/06/2013 16:01:37 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/06/2013 16:02:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/06/2013 16:02:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/06/2013 16:02:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11/06/2013 16:02:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >
  • 0

#4
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, good job they are indeed what I needed to see :thumbsup:

I will review these now and get a fix together. It will need to be checked so tomorrow at the latest :)
  • 0

#5
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there got some stuff for you to do :)


Please complete the following in the order given.

1. Uninstall
You have an outdated version of Adobe and Chrome isn't present in the scan so I would like you to uninstall these along with Browser Manager.
  • Click Start then Control Panel and click Uninstall a Program or Programs and Features and uninstall the following:
  • Browser Manager
  • Adobe Reader X
  • Google Chrome

2. OTL Fix
Open OTL then Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
SRV - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.woofi.info
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{24565CBD-AB93-48A0-AF1E-6416D26A4742}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{BBD50584-789C-4338-BD79-FDF22CD2C285}: "URL" = http://websearch.ask...E-6F0510AB8208

O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()

[2012/08/13 10:11:15 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\Babylon
[2010/08/10 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\DriverCure

:FILES
ipconfig /flushdns /c
C:\ProgramData\Browser Manager

:COMMANDS
[RESETHOSTS]
[EMPTYTEMP]

  • Then click Run Fix
  • Click O.K to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste Fix Log into your next reply.

3. Security Check
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

4. Run ADWcleaner

Things I want to see in your next post.
  • OTL fix.txt
  • checkup.txt
  • ADWcleaner log

  • 0

#6
hellomut

hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi thanks again for your help
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named Browser Manager was found to stop!
Service\Driver key Browser Manager not found.
File move failed. C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe scheduled to be moved on reboot.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_USERS\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{24565CBD-AB93-48A0-AF1E-6416D26A4742}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24565CBD-AB93-48A0-AF1E-6416D26A4742}\ not found.
Registry key HKEY_USERS\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BBD50584-789C-4338-BD79-FDF22CD2C285}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBD50584-789C-4338-BD79-FDF22CD2C285}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\browse~1\261339~1.144\{16cdf~1\browse~1.dll deleted successfully.
File move failed. c:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll scheduled to be moved on reboot.
C:\Users\shadbolt\AppData\Roaming\Babylon folder moved successfully.
C:\Users\shadbolt\AppData\Roaming\DriverCure folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >

Results of screen317's Security Check version 0.99.64
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java 7 Update 21
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

# AdwCleaner v2.303 - Logfile created 06/13/2013 at 09:34:11
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : shadbolt - SHADBOLT-PC
# Boot Mode : Normal
# Running from : C:\Users\shadbolt\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\DriverCure
Folder Found : C:\Users\shadbolt\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\shadbolt\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

***** [Registry] *****

Key Found : HKCU\Software\5d2d88be13dee14
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\BrowserMngr
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\5d2d88be13dee14
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Found : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Found : HKLM\Software\PIP
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111813&tt=120812_bandext_3312_4&babsrc=NT_ss&mntrId=646be12e00000000000000225f0f668e

*************************
  • 0

#7
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, well some of the baddies have been cleaned so lets get some more :)


1. Run ADWcleaner
  • Double click ADWcleaner and select Search
  • The search will complete and a log produced I do not need to see this log.
  • Back to ADWcleaner and click Delete and O.K to remove malware.
  • A reboot will be asked for click O.K
  • On reboot a log is produced. I need to see this log

2. Junkware Removal Tool
Posted Image 1. Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Things I want to see in your next post.
  • ADWcleaner log
  • JRT.txt
  • How is the PC running now?

  • 1

#8
hellomut

hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi things seem to be a lot better, but I seem to have another two problems I keep getting windows opening one says sysTPL has stopped working the other says google installer has stopped working. Here are the reports
# AdwCleaner v2.303 - Logfile created 06/13/2013 at 17:11:23
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : shadbolt - SHADBOLT-PC
# Boot Mode : Normal
# Running from : C:\Users\shadbolt\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DriverCure
Folder Deleted : C:\Users\shadbolt\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\shadbolt\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

***** [Registry] *****

Key Deleted : HKCU\Software\5d2d88be13dee14
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\5d2d88be13dee14
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\Software\PIP
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111813&tt=120812_bandext_3312_4&babsrc=NT_ss&mntrId=646be12e00000000000000225f0f668e --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [2522 octets] - [13/06/2013 09:34:11]
AdwCleaner[R2].txt - [2582 octets] - [13/06/2013 17:10:50]
AdwCleaner[S1].txt - [2606 octets] - [13/06/2013 17:11:23]

########## EOF - C:\AdwCleaner[S1].txt - [2666 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista ™ Home Basic x86
Ran by shadbolt on 13/06/2013 at 17:43:52.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{015DD16B-7592-4040-BB66-1E8F22851FE7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0185E8FF-834C-4C52-BC23-F09C4468B3BD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0249BE1E-A845-4FBE-8059-F1648B7B8644}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{026ACA83-D523-477F-BB96-471388329F67}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{028DFC82-4131-4CAB-B592-6DD90B8842C0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{029CB130-FA6C-447B-B645-AE81710E645E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{03127389-1E92-4C07-8695-C7E770A8938D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0379FB6C-6E1A-4556-B309-F208A94BD59B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0403F90F-054B-4873-81E1-844BCF8E81D3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0449CC37-BCE3-40EC-9ED4-BBDEB88120BA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{052B8CC4-1C18-4E21-AE05-7FD0898B28B1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{05343D70-EE84-449A-949A-98CD87F55021}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0609BA3D-9FDE-451E-831F-A0CFB08C6601}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{06A2437C-13A4-45AF-BC6E-6EFE04A78839}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{078100FF-AD9A-4601-AE73-04AB9962527A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{079DB76B-1213-448F-AAE0-61C5C5034FED}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{07AB24BA-FDBF-45C9-9E26-6E3BD9F7EC41}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{087D2780-F379-4C9E-BE25-2BE70E44E4CA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0A30ED01-C3E3-4452-AC61-0736C29B1897}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0A731300-A38B-4E92-8197-ACB60FBABFB2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0AC99C31-4A06-44BC-8FCD-3400F8B480C7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0B533103-A926-42E4-9711-17CEC34C3B32}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0C145AF7-A2D1-454C-B4FC-B70CA0C5002F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0C58A803-ABC7-4FE1-94EB-B628D526BAB5}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0C971F3D-C29C-401D-9036-0D950E6DB067}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0C9AFF78-0907-4251-8EEA-3351F66D78E4}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0C9B30E7-8809-4DC8-9A4E-A769974F1121}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0CE3E7BF-FDE3-43CB-9540-4936B2CB6319}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0D489F5D-E408-4179-81D2-FE1EE22C548A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0D55211B-E2D0-423D-8562-E5F1DD7D0BB0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0D7CD713-BD38-44DA-819E-5F290A1355A7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0DBFEE45-2411-4634-B473-B7D9F0146A4B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{0E682857-E0F6-49EE-A56D-DB8D731BFB03}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1056907E-54A0-411D-ABE1-EED761C0ED2C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{106D9A89-5821-4831-892D-9BE96698B221}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{108F665B-A16A-4054-B95F-663DAA5997AB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{10D08C1B-D468-401A-B4A6-F57E248BF932}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1119AB6F-F0FD-47C5-82FB-20007CE5E91D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{122408F0-4822-4D31-98D2-2A015093D8EF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{12DCA36B-F022-4F21-963E-5E481FBF21AD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{13645538-3137-40E2-A6B3-58E15ECD7AF6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1386AA3F-C847-4271-8770-EFB2C27C4107}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1394C1B5-4EAA-4A6D-AEBD-807E5F1FF4D6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{15074D81-2467-4FDC-BB8D-33E45CDDCB15}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1616B977-4552-4EC1-B542-EE0CB83696AF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1648262F-A2C8-4640-BAB6-A1741A7398E6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1682C38A-56E0-499F-BE29-232F1E215311}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{16AD669C-3BAE-4AEF-9564-880629EA5830}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{17E32BA9-C717-4B1F-9BF1-F0BBEF837ABD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{18E6764C-A76B-4506-8454-85FA784D85F6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{18F1A3EF-B594-4186-900B-DE08CD911BC4}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{191486C7-162F-49B2-A432-406A76E5F1AD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{196D31C1-464A-4EE3-8278-BCA8DB27D84C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{19782F1F-93A3-4207-8E1D-2B5BAA881532}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1A6B77F8-65AE-4797-830E-6A2242FCF083}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1AD24F0C-15EA-41F3-BE8F-05AF7235734D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1AD5059F-B604-4B30-8629-E2DAB9C9F420}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1B4FB213-4E8C-4F99-A4D8-5866437F5EA0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1BAD4050-5B99-43D0-99D2-FC97CDDDAE07}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1BD74F94-1CB3-4C20-BE6B-6FD8CAC434FF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1BFE2C14-60D9-4280-97C9-AACB572E1E28}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1C0250A0-65B3-4C56-A055-B328D55C23C5}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1C7DBF80-F8FC-4E8F-8571-F8397D1A2966}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1CCD5B57-F0D3-4909-A7CE-E5D75E597AB2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1CF6DC55-0DF1-4568-AF70-5F0635881AD9}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1D075C84-56BB-4740-9894-23526A619978}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1D20757A-24F2-4CCD-A7AB-A6BDA6934806}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1D7255D7-AF0A-4574-99AC-DBC92068B419}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1DB288A1-A7C6-4695-8BB0-85B580AAC193}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1E635595-84F3-4AFB-AA4B-B9D075A39CFB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1E8A64C4-7154-437B-B519-4781C4E9CDE9}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1ECEA9D7-605B-48D1-9DA1-816C423B8B25}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1F258DF7-42B7-4DCD-BD80-E6DD7F4E8BD8}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{1FE8CF8D-4F20-4DAA-9C6B-0E0C686C0F8B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{203E557A-C792-4451-A027-37675383C4FB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{207F85AB-163B-4673-B747-CB3A5F9905C8}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{209DB232-227A-4CC6-96E6-C9651F77ADCF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{20D736A4-96A9-4BCB-9E9D-7CCBD7CB2788}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{20E2EAFC-C5BE-4818-BE9B-BD85BF33D87A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{21212ACC-B1BD-4948-80BE-FB1025ABB774}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{213458E9-572F-409E-86DA-76B3F626A154}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2193A3DA-7791-48E1-8384-288E329B06E6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{21B0999A-B824-4B3A-BFB0-DE83531196E3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{21B1CCEB-F611-43EA-8814-4697DE7D979C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{21E1549D-BA45-401E-A6A1-077F8359EC51}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{21E22288-48D1-4704-A32E-65B60AB89A71}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{22336AF0-3372-4310-B2BC-A274C41C12AF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{22AAA391-9663-4D75-AFAD-243EDB1E85B6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{22BF7AB1-B12F-4F5A-8D2D-C21BD362AF17}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{22E6A206-3BA5-4B97-B6AE-D9E6C8891400}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{23278ADE-AE4D-475A-BA0C-D1845FB42678}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2379FACB-D7B4-49D7-BE9E-FB1C31E36630}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2452ABD4-C959-41C8-B2AC-0C0DDDC7EF3E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{245667B7-FC31-4FD2-9CFA-1BA7DFA4F9E8}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{258AF0CA-E4A3-4D2E-B9B7-317906E318A6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2651351E-1596-49AF-BAD0-7C175A3143E2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{26CFC332-64F6-4C5F-BB87-5A7FA94A4376}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{26D03172-206A-419D-95F4-20DC1B236629}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2730F039-30F7-4D26-B98B-DADA1A2A0E2E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2972F9C7-CE2B-4616-A618-69E2BFE564C0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{29865C55-89FD-4471-A1FA-C8C0464CBEBE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{29E84E20-F989-445A-A930-AA430864A869}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2A40C609-EBF2-4B76-9D6D-CDB313127AC7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2A88ED00-2DDC-47EE-BF02-26891E1B5AB6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2A961329-C532-4ADA-8639-16BCD55C13F9}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2BA00491-8BDB-4C45-8EDC-7F32DD0EBA3E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2BB942D5-8C5B-4728-908D-7251A5428596}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2BC2C161-63AA-4A9A-8BF9-5165780CFD6D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2BC65155-9D5A-4515-BB81-79DAE530EC8D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2C0F2FBF-6229-48FE-8386-34803D40ADE8}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2E360C21-D5D7-436F-87D8-480197B3A8BD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{2EE2569F-8780-447E-B341-7128FC5C30AA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{30557456-4D89-474D-BD79-68ADA7F9D178}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{30BB7F66-AFED-4940-9809-2D1035DFECC8}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{30C3E86C-BED1-41AE-8E62-46736CC70449}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{32004EB3-5153-4A18-895E-009BC55678E3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{32B564F7-1601-4007-A5F3-7871C1BFAD78}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{330B1AFE-7683-406B-BB96-D4DA42DF38E2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{33262F46-85A6-4076-A6B8-0840BCEA1B00}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{343B8305-D381-4953-825B-14648215D1B3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{34C6CD4A-6980-4151-87AB-810D3EAA7478}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{34D080F7-C9BF-4166-AB6C-65BFBED45EDE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{35B2EEF2-E1C8-4E4A-864F-009106C10BB4}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3646B0DE-15B4-46DC-94F0-647E26D8D411}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{36DCB927-61EB-4144-990A-C816EEDF01AF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{36E983A0-6611-4318-8637-80CEB7BC65C2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{37B086A4-18B0-470D-B36D-F7340D637F0C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{37D931A6-B14D-4110-8C54-60F66C91E958}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{381C104E-9A63-4CAF-99E4-E155EA5D7FE3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{38B73524-868B-428F-B009-74981D7E3A02}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{38EBD31C-0AA1-4015-A6B1-DF18CC708967}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{39CBC1C5-6A53-4E97-876A-0B872D1D6293}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3A5BC881-92E0-41D8-A5DB-3E1CBE0688BE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3A72B7FE-F6CF-4C85-8A30-0FB2F9E741AB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3A8FA3D8-0F7E-4530-B670-512A97E63931}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3BC5C9E6-08E5-4AE3-A5EE-30C6C43CEDA1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3C3841AC-5D7F-4DCD-A3B4-80B67396EE6F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3C69C2DC-1ED9-4917-9461-D8FFC2F0CB1A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3CC61238-BA88-4C9B-95D0-F8C2C9F2BE87}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3D531B45-A327-482A-A6A6-6600311A7B32}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3DA70756-47A8-4A0A-A193-2543351A0063}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3DBAFA1F-79DB-4562-9F1F-0EEDA2820186}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3DDE341D-E9E4-430E-BF67-6D6D1B866243}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3E4116D7-231B-4A46-83CC-FD35ACE67489}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3E7314A9-0EB4-4FF3-8F32-B34757F1CB30}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3E7F1C2E-6602-427F-87AA-4E97DD55CB03}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3EF761A5-8FE9-4CC1-A80E-B4F4A4BD3EBC}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3F656AD1-700C-4459-8B82-126D20832065}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3F66F328-D68B-416D-9903-27C01D360439}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3FAA215C-E7C1-470E-89E6-04FA6356F22F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{3FDD5AA7-5036-49C6-972C-B4571E0E23CB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{40BAF62A-3710-4B7C-8C8B-D4ACB9732419}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4111A604-DF0E-49C7-ADA9-6039BB6F9E99}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{411BBADC-E5D4-4F54-ABD9-3433D86A472C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{41268256-2F9E-4FB4-B810-1BEBEFD07326}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{41A345CF-3619-43BA-AC31-A91D5BFC9513}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{41D8EE74-1867-44F4-9347-E6B0A1ED977E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{42BE9230-E12C-4CDA-8D6C-2380FCEDB379}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{42D9F196-E417-409B-9E2F-42F2F8460C5E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{430FBE30-5736-4F2B-BC27-74CAD71AE36A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{433B5F41-D5E7-4BEE-BE5A-EAF80136486B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{445D1405-E9EA-46E3-98B4-C62D4ECE6CB2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4467CA86-4470-4EE1-B837-13644C07A588}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{44A57255-7FF5-4855-B7B8-D3A95659EFFD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{44F498F3-A784-409A-A013-8E75EBC4BEAF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{466B02F1-E1A3-4206-98F2-A6541C48A7E3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{46938A6C-6CDC-4155-8465-31D41D84A877}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{46EE2E3B-7672-4A65-B5D4-4B9EA5B4AA6B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{476262B9-B9E5-4D12-B9AE-5BCC42E82A7D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{47713770-B81C-4A60-ACEA-4EA1AAC53B74}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{490C8E3F-86B2-4352-B043-ADDFF2C28BDC}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{49814E56-0323-4110-8F9A-B756574EFE6D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4A4A35BF-0396-4754-81AB-1B497FC43F21}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4AB91FB8-46D6-4354-BF6B-FA5A727F0D7F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4B24762A-E971-48F7-80D4-6D003090258C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4B451A39-B03C-4682-81A7-3ED7BDC45D11}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4B9DC99E-1D6C-415B-BCB8-1504AD1DC20A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4BE1F67F-A33C-4481-A6DA-A842A4F05EFE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4BE3D5AC-559F-4CD7-B079-648D563C801B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4BEC52F0-4372-4997-A30A-A38039F75802}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4C04A2AE-6605-4B05-A351-9C440EF3ECA7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4C9EF402-EB64-48DB-B8E7-B82B69B9C7CF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4C9F22EF-F957-4539-8DF2-DE6E7EA8899A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4DA6214E-37BE-4A04-AA62-3D78DAB964D2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4DC5A31C-CC49-4A3E-AEB4-E79CABCE32A5}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4E2486BF-6482-4DF7-8F36-7ECD2A3252B0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4E7AB463-C3DE-4D5A-9FDF-C85A8F133665}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4EB725E1-D06E-490E-949A-5A98FDF7BA51}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4EF5398C-E214-4F64-ABCC-16B2244E6FC9}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{4EFF7829-AF1F-43DF-9093-984A75A2BFA3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5038E685-2B37-4550-86F3-9138739E073A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{503CEC62-6430-4E0E-B06B-677472184940}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{504203BD-E789-4E08-A79D-43C532784ECB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{505D6DCE-3EB1-44E6-A3B3-3ECBAC7F691E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{508C4D10-1C71-4BE3-B578-036E5526B568}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{50EAEFC2-84D9-4E34-9DC1-6BC2261E784F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{51A865E1-6338-4CB8-8632-9697A462298A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{523F70DA-EBF1-4FE4-8229-1E7DCC829A13}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{52547F19-2111-4AF0-9BEE-58D24697C8C2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{52E03799-22A0-4043-9A8A-3157C2915010}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{52E285C4-C791-4D47-8AAB-3275E5D7F844}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5314C50D-9CAD-47E1-A724-0BD0536BEC01}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{544D0F9C-50E4-4130-A26C-108153EA2E8B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{549E04AD-8211-421C-A186-470D184459C4}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{54FA86D8-DB0C-4342-9E0E-59DDC272B046}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{553A97F7-9358-4260-9851-3F20E30F5505}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5549F364-FD98-4769-9344-EBAC4E0A51C8}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{55C1289D-6BF2-4DC7-81C2-EDE100CA8D61}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{564728A4-E761-4725-9057-0E1E7F7EE730}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{56AF462A-249D-431E-BB1D-8EC5A0E45E90}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{57068CEE-D6F1-450F-AA33-382B6183CEEE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{57A615C4-95CC-4689-84C6-EB6DAAB12F18}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{58C1848F-4FE6-44B9-B875-A3DEE1203402}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5970A805-5A85-4518-B256-4F7575248D57}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{59AA2332-FFC1-42D0-A3EB-7FD9E5227D41}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5AABF218-C858-4C65-9526-B3C80370CFA1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5AE5BE27-C879-4521-B6B2-F74BBD6575DF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5B26C4A6-A9D6-44C0-8B76-F04F3071E50D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5B5E85BC-ACA5-45A9-9C25-8EDA6B951008}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5BF6FCCA-D00F-4E73-B291-0577373F4091}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5C1714C9-130E-47BE-A20D-D1F79A9E4835}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5CAF6AE3-3E70-42CC-A1DB-4866F8E86EC8}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5CD107C6-9398-4166-9F9D-8D102479654B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5CFFE0D8-9D40-484B-873E-22C4C582CD9F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5D025717-3E43-4966-A549-8CD47B475DA4}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5D4A5202-9A82-46FB-B970-95BD5D52F021}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5DD91218-66A8-44F2-A123-78B5E5E67B32}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5E292CA3-8FEF-436F-81FC-08D4C6CA109F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5E3D6B9D-0220-4D00-8476-318538F89EAF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5E9C9015-C670-4932-A07C-9AF13E2F3B19}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5EACA7B8-985A-47D7-B496-31CD351B006B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5EDC115A-BE3C-4DFC-83E2-E8B430EAA392}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{5F9EC753-1398-4160-B750-C01ABE5EDA58}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{601F6873-A7A6-4182-9B15-ED197C20EB37}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{60A59761-7394-4CC5-8EAF-4ADF1079BA7D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{60AA36E1-FAC6-43D4-9BFF-B0FB2A28E766}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{61055AE7-F9C2-4CC3-ADC7-828AB066456E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6155C08E-80BC-48CA-A3D2-78D6D462766B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{619578E8-68BF-4C22-B9BE-A5A5F664CF45}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{628DA3B7-1B09-42AD-AD10-43CA23F56EC5}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{62A3D471-7D9E-4D79-B4AB-1FD8A0268E98}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{63C1B272-E7A9-4F27-828C-7049DBA22685}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{64244280-6C85-4358-A3D4-CF7C565C70A8}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6427BF6E-AD97-49F2-B143-A25DB5443CFC}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{645AC757-5B2D-4CD5-BF3E-9DD73DD62451}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{645C6C64-DF50-472A-91B9-B3C84A136495}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{64B59DCD-2805-402F-B330-F5168D4E5AB7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{652DE2B6-40D2-4B8E-8CE0-CE67B26A2904}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6644E3EA-62A4-4F95-9F90-261FEE85618E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6658F3A0-16CE-43DE-A3C0-5BC902B709B6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{66800B27-03CE-4B17-B23C-83D372F2FDC1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{66A3BF0E-168B-452E-AE1A-9020F8710E74}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{69B2A707-E97B-467F-B243-63F09DD3C1F7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{69EB562C-F5EB-4441-B590-706E7752CD28}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6AFF181C-DC1E-4A2C-9C0C-965B9481EFF7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6BBC384B-69E1-4D40-B906-B4D79F630978}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6BD4AFE6-0868-4F5B-BCEE-4E0AB8945FBC}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6C5CFD70-154C-4E36-83B6-56A984DCA8D1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6C79CD61-E743-442F-9C04-6530E2494682}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6CE4F437-D37D-48AE-956F-9B314790836F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6D560EA4-EAF3-41D7-A07F-F17FF328DFE6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6DD39047-FDF2-4BF4-B93C-B2E9FE84EF7E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6DE9F32D-B92E-406B-A316-8E104EFD8DC7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6E719DEE-1F30-4495-9392-026486CF1F59}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6F2D5911-941C-4F4C-A04A-1BFC9A759A07}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6F33DA2A-6A4F-4CEF-A21E-E0EDB22E6DF6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6FB42FDE-0C44-4B57-911A-8F343A25BE15}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{6FFE4E50-C8ED-4B55-B39E-8A3B8F3E3787}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{70341B33-CE66-4727-9C96-8ECB29B9FFCD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{707C911B-ECCF-4126-A8F3-77F9B4F236F7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{70C86582-6A89-4A6D-ACE5-4F7AE8E7E387}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{70DB2EE3-3BEF-4F50-980A-2FE00C7D1203}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{71822A66-F0FF-4124-ACC5-DA8BF40484F9}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{72E4CE8F-011E-4BA0-AF47-6F4327307970}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{73C0420D-600C-475A-93E1-8E38CC1522E7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7524DFCE-BE17-4846-8882-CFF2A79074ED}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{757D7784-E834-49BC-B1CE-032080BBD571}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7653F5B0-447E-47DD-98F8-E6642B9FD2F2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{76D0DA03-2D53-457A-9FC8-0CE357F28FD3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{76E831D9-00CF-468B-B468-AC1945A3760B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7777E13B-B10C-481D-AC50-DBCA4E7C52AA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{77C5A730-BC36-4DB9-9A0C-557122EBBA01}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7815C459-0E0E-4785-BF28-82663521634D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{789D086D-BEF3-4C20-AFBE-17066EB0DD78}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{78C33044-E132-43C0-9FD8-8452ECE258A6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7901A83E-989A-49BF-9186-53CB6E6D5EAF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7A4C5D32-BD4A-4A98-BBD4-66CC207C1072}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7AC108D8-5277-4148-A321-E2B61FF11CF0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7B714A15-9E92-438D-9D02-B32D8A6700C5}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7B96E32B-F31E-459B-96C0-46CD422630D6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7BE70DBB-E520-465E-B9E3-66B64EA83712}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7D5FFC47-3D6D-44B0-AA9B-3C5318A542B2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7DA31BCB-DF95-4705-9E96-3BD5028792B3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7F0B701F-00C3-4088-9195-816AFAF917D8}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7F2D64C6-57BF-4C66-B807-EE595680058C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7FE8DFE4-7A0A-4A7F-A9BA-2893C1CF746E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{7FFADC83-029A-4749-96F9-81C33BF69594}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{80B7E811-4BF4-4369-8D54-F3E637CD7C14}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{80D455D9-8580-49F8-98BD-41D671551C31}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{80D7929D-65BA-4232-9953-A426AB4645FE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{80EA589B-0EEB-429D-86C3-72623EBABF62}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8162156F-7E73-4CEE-8248-0C8DC52F2EE0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{81FBECDB-4AB2-4288-A27B-A4E903BB4B50}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{824D0BC5-E3B5-4892-8000-266F9C5A348F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{826774CB-C6A4-4F53-9D34-0A4623718A76}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8288304F-0CB7-4356-8F62-6DE58550C89F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{833116B4-8323-4DE6-A5C9-6690444F2383}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{83DFA55F-7FD6-41DA-A2C9-8E1FA7B8E5F5}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{84244BE1-2A1C-47F5-9B21-66022E6EAF9A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{844C0FA7-9B3C-4A6F-8A8C-1A3B6112A96E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{84513D2B-48C7-4C2C-A3BC-8D528B83D9DB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8584AA0D-ED37-4695-A868-A64A493297F1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{85EAE124-E9B6-4573-9A55-E389244618A1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{86748CB7-FD1A-4EB2-AC54-34A3BBF96805}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{86AA516B-0005-4CD9-9945-A400C050D660}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{86F195C2-CB3D-40EF-9F7F-C3406C3A3ECF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{87E27B50-8B4B-4C3E-AF6D-D2F713D4895F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{88055AEF-E85F-45E9-923D-22B4CF3C3BB1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{883B0331-14BF-44AA-BE59-32C7C7451102}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{887ECDB5-27E8-4308-9C19-AD541BDEC654}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{888C493E-BDB6-4BEC-80CC-0BEF5C3C5803}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{893906DC-30CE-48D6-8272-42EAD34FCEE4}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{894EE27C-FE97-45E7-8D73-95D501B10023}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{89A3EFF3-E4A5-403B-827C-1D1A1E4A7C94}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{89E24385-D5D7-42C2-8818-35C969282848}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8A49E4E3-3502-4817-ABEA-DF63C858DEF9}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8B28EA6E-BB07-425B-9C87-A2D00B189C50}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8B725629-29EB-440D-AF0F-C8E82B78EEA7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8BE25DFE-EA96-4279-A9C2-ED3AA01FCB54}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8C1D1CA8-23B0-437C-82FE-4E294682D5BF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8C3CCE6D-70F6-414F-BD1A-1FE9D6777A84}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8C8164D4-90AB-4D43-8E24-C04A59F160A1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8CA141B3-9999-45FC-8A74-7AA25EAFCE0A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8CAE12C3-FAE8-49ED-B3A4-0D760864091A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8CD8E2B8-3933-4E29-931A-7DECB31ABC17}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8E6357F3-D83A-4D11-9586-E4B8B89A34DE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{8E8E1087-D250-45BE-9021-C065CE5CEB92}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{901B3E29-929B-4A71-B614-375274B016D3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{902CA05F-662D-45D3-AECC-301C276250ED}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{91301BFA-9F6A-4322-B53C-7CE6A8911F06}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{921E4798-CD6A-4692-A51E-58F1EA80A299}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{92FFFCE2-46A1-48B3-AD6C-4AEF0E4902CA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{93718DF5-E3E3-4DD0-B5EA-D8A5B21AB91D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{948804BF-4961-4723-8A0C-E6403546A9F0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{94D4580B-984C-4FB5-A316-69BD1B666648}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9566C341-510D-4842-BF3E-7008C8EA2C36}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{96289A07-AA39-4B33-8A71-57C42D3DFD47}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9631A35B-B249-466F-A9FD-C7D724AEE093}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{975EFCD9-AA61-44B5-9984-8B0801E2B59A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{97776E73-DB84-4ACE-B273-4175687D0D56}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{98B8EAC5-EF86-4F46-B497-FA2E53021A5A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{98DF69A4-3658-400F-9FC7-B508DFA505C9}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{99C02D32-E953-4F9F-A580-ADEAE93EFA22}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9AA868AA-AF9B-48B1-BE4A-9A8F72593642}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9B5FB165-C3A0-498F-8A22-870523256C34}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9B8E4059-C22B-4907-B06D-F805B7F7846B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9C05B15F-1505-40F8-AFE0-A9E5F5D27478}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9C28E9B5-2D38-4245-A057-B5A7DE54CF63}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9C3E5B44-873D-4698-88A8-7E88A7697586}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9C501119-E4F7-43B3-8D78-4C72171F86FA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9C7B1A37-9904-47E6-8578-C6B0F64A0847}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9CD0CD09-6384-4C15-AE61-D989515F5D50}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9CDE3A31-8A0C-4FAD-9264-555B956E1E87}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9CE58A91-C8BC-4087-8B47-E718986C5F23}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9CF1D730-AD0A-47D5-B156-A25E1F9AA1E5}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9D0015E0-FF00-47AE-A0F1-969A856073BD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9D23EDED-69B6-4512-8EEF-3ABB239E53B2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9D329B55-7621-4A54-B0A8-AAFDA0C5C776}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9E7A5507-978E-4A95-B193-6C86A3762AC6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9EA172FA-C4F4-40A0-A2E8-B7860168EB13}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9F34195D-CC00-4488-A354-F319B1F964EF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9F3CA7F8-B50F-494F-937D-F9F087B21220}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9F7A1C0A-5698-4BBA-B142-0092EE0AD735}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{9F8BABD9-23F8-4E24-9D67-16B96EC0F4CA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A035050C-996C-4286-913F-97BFD56A04A2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A0B761FF-C446-411D-9A13-E40568B80C3F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A15AF572-3810-47B8-A7B5-AE4EC4240CD1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A186DB23-9DC7-44CB-B0E5-1F79F61002C7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A1984C40-91A7-4913-818A-9F7C79027B47}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A2E76803-702C-47F0-9E54-0C8E3E969EB6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A32394F0-B8AD-4303-BC42-A9E00CB25B75}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A32728FE-2D05-4EE4-BB1C-6147ECB054C1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A3596D9C-E44D-4588-9A86-A9E8021FD3E6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A4C8188E-7E27-494E-8AAE-3A4DE32817D0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A50284EC-CDBD-43CE-AB76-1926DE93A992}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A51DBD69-C8A6-424E-93EA-AB08E6284A02}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A54D1C85-DCA6-42B7-A003-F7D7134D7B8E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A5AD0016-57E2-481D-B5D4-940A7DB14E94}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A5C805F7-08CE-4259-9668-475D251C0F1A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A5E3B8D5-286F-4935-9081-ED46AD846EBD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A606C534-8431-4E06-BE20-0E036D05A22C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A645809F-E246-443C-A45D-86962168D0A8}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A673DD5A-2105-4C71-8BE9-81872BE2E151}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A6D3F4F2-28AC-48FB-B3B9-3AAB936F8439}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A73E298F-7946-49BB-BFD3-02DA8687D596}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A84EE4A9-CFA3-431F-B8DC-244EAA45D5D7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A871FEFA-9997-4AA9-BBB5-9C950ADF874C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A88305B0-3877-4CDE-AC43-603FDC340303}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A8B4E4ED-E0E0-4983-B357-400C693C5946}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A8C28BCE-EA41-4AD8-9D6A-085670CC25BA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A95C6921-3B55-4CEC-BC9C-EF0C6760DD7E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{A9A3BFFA-643A-4B65-BD07-6C6F7706E434}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AA03BD7E-560A-4C56-B727-0250AE450782}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AA70881B-DEB8-4D96-9D55-8CB1CD03683E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AA8B1F87-101D-45FE-917B-216F2E33B0C0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AB011CD1-958A-46FD-80EF-F5042CF35528}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AB2939F5-0A19-40CF-BBFF-1D1B689C48AF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AB58EC69-0C07-4779-AFB3-5C88DCBC0F2F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AB5EC042-4372-47D7-8A58-E2414709078C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AB885F36-664F-41E3-A20A-7E5435DEA671}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{ABEA5CF2-24E6-48D6-8B3E-53F71340C0A4}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{ABF82168-F354-4FEA-AD45-6A8070E26ACB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AC2C20F6-2387-459E-9DEB-0C81CD05B3B0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AC347F2E-3A70-45EA-B7D3-66C0DC3DB471}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AC6E6227-6D3E-4B85-8788-10417AA337D0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AD1E0B4C-CEA1-4BB3-BFE7-9FC9C97FF9BE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{ADA4444F-67B9-40B0-9284-385926FEA616}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{ADAD97A3-3072-45C3-8982-2AFCF5FD8B3E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AE3CC251-B739-4295-BAC0-2552061505D1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AE44E460-F24F-4868-BB90-947A53F2D825}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AE99DF0F-72F0-4BA1-AE92-537403D1B8B2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AE9CD707-4F6E-483F-A2E6-28E91FCE2A7C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AF27A1D3-24E8-46C7-B162-E0AB8338DE72}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AFD759AF-90B3-4D33-9B78-0DD176588180}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AFDD72D5-3DFB-4D01-AF5F-831BD6A5CC09}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{AFDDD98A-D121-48C2-BFAC-FDFC8F081259}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B0BD0E73-B2F2-4ADE-9791-EF7B69FA3F3C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B1B63FEC-B346-4CB9-8FEB-0B6CCBD7086A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B1F0AE30-FCC8-49BA-8121-6A593D0BB8CF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B32E5090-DBE1-4C01-AD82-9474CD1C2022}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B3767F80-EFEC-4625-A9F9-636036D02065}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B3C5B008-3FBA-46AD-B584-60CDC87FEFAE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B4203178-A694-4A39-AF6F-418675A625F2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B43D0CBD-C784-4082-B20B-BB9B6C5C3774}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B4AEC558-01E9-4505-8026-F5668F3CC146}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B52E72F4-C327-4FB7-AB98-66A6E07C329D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B55B8E80-737D-4DC4-B73A-0012253EAA98}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B5A3EDFA-A960-40FF-94E6-ADFE7212B0E1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B6364CCC-0999-41D9-BE06-830BB4099503}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B64D4BBE-60E2-44BD-A797-500F95F25D45}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B66B7733-C86C-4D36-9576-80371F923E2A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B7383AFA-98AA-496C-A2C0-3C9488843A12}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B7BEF51E-9ADD-4AAA-A688-848F1AA84DAA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B7ED5544-FB45-4CD6-A868-305A4EFC467C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B802A252-5ABC-4E0C-8D2E-1AB5DE25FC45}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{B8C2A2B6-3BFB-4944-9D99-199DDCB89994}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BA7340B5-F73F-435E-8745-D9B6A1F78EE4}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BAA381E7-E57F-4878-AF14-8220A4CB5BEB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BB1876BA-AEFF-4733-9B7D-A956AFE82FFD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BB3BF1A0-22E1-4188-A6FA-1799DAE7C9C5}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BB973CAF-0C0C-49A9-8CF5-1AE63650926B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BC065A2B-EB8B-47C5-9EA3-6A7AB4ACC992}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BC112FF2-DE6A-4D55-B98B-6F0303717EAB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BC16352C-4E0B-4326-A33F-F49A372B9CF2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BCB28295-C11A-469E-A8B1-DE23AD38F312}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BD3E6A04-8338-4401-831A-A3204A8C8864}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BD589C33-B095-40ED-AC63-1327D5BA8AFA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BD688908-EB0F-4593-A9E0-A2FB04651955}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BDB233FE-AD0E-45A6-97F5-FD22F9F57031}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BDBA37F9-8941-444D-B57F-6B420984BD13}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BE5D08B1-2756-41A0-8EFD-16E408A85A24}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BE7D2005-0D6A-4909-A1F8-DDC39A4124EF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BEB8D84B-D87A-4C54-BFEF-FF51D9AB239A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BF3BC1CB-1657-40AA-AB07-07AD1AEECE3D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BFB232C2-0FB8-4D55-B96A-1DC7358D1153}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BFC888D3-FD6B-4FE0-BFD5-49BC33B7F233}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{BFE98C23-1EA5-4258-BDFE-D7BDD1D169D9}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C00F16AE-549B-4357-8D16-32078E9E0B0A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C0340D51-DC9E-4A48-9AA1-C148F3B6CE55}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C068D539-5920-4B15-B883-DE413765CD94}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C0EACC7A-9676-4DBB-94E4-773389845B59}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C1673FA5-FB96-4956-983B-62DA0B1592DE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C204A705-C654-44F6-A5F5-69BABA5BCFFD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C22E7A89-BC1B-4263-AF28-7CF77C3D0D3B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C26A5070-0874-433E-934B-A9482F278191}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C3377688-0F52-4DC6-8298-3D84A76739F3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C3626A0C-8463-417E-8A93-5681FAC3D801}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C3645A23-704B-4956-B1D4-27141E9E8C0C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C371785E-1F3D-48FA-95FA-4AA695820213}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C3901AF0-849E-45E7-AAFB-4A3364A1DB65}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C39F8846-AAFF-43D0-8536-60F46E548AE9}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C4486A69-3FE6-4429-911B-036F35125040}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C55D377B-ABA3-4FF3-BAAC-903FFD11A0E5}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C70C3428-C15E-44E2-99EC-C8C02E4A6067}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C74DB5DE-1125-47E6-89E1-149E7E51E6C8}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C7E27068-887A-4636-B105-1596B3E953BA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C8254EE7-5408-4C89-90EE-569E9F2DB1C6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C838287B-5EC5-4AA7-8F60-A4364C615C6E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{C8CED7C1-3035-43FF-870F-0E2BE6FAD0E3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CA0F8136-9B93-403C-A791-1092069B5C9B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CA8CEC51-C3FC-4AF8-9246-971BA015F336}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CB3DB66C-E1E0-4AF2-BB17-4DF8343147CD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CBC9EFDE-C188-4437-94C0-CD16B572F173}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CBD76352-5916-4D04-8B59-B50C36516B04}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CC4ACB4E-4CE9-4346-B5F2-F06EA65D581E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CC8CBF3B-7559-45EC-A8A5-F425E558DADA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CC9454BA-3371-45FF-B8E2-96640C4B4B22}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CD04DF86-D338-4434-812B-ADCF0093B793}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CD296640-F398-44A9-AD02-750EE0822F75}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CD6007C8-B656-43F8-A802-0C62891F52E1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CD60B169-B7EF-41E4-9A39-E836166B24DE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CD788879-88F0-433A-AD5D-5A3D98C12A69}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CDE1E424-1F00-4797-B078-53A5A66D5FF0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CE66D15C-F651-4567-AE60-E85B583FAF39}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CEA85C36-390F-4B63-9B3E-8A0F3717B2DF}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CECD888A-07F8-4873-8E77-DCA88D8E7E04}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CF1529C3-542D-4CA4-A2ED-A8AC67E316E3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CFDACEDA-BC92-4D07-BAA0-1CED525E03F9}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{CFDEEC6B-6216-4600-9D04-50F470E0C57F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D0405F2D-B918-4F54-AF32-08EAA85559DA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D0735EFC-1E05-4E78-B89E-0C088A50223A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D11F63F7-C737-43D1-A4E6-6408BBE039F9}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D140DBBC-54DC-48E1-BF6B-FD1411BAEC88}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D16FD8B5-9A6A-4DE1-9C95-8C610132C247}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D17DB641-3A83-49F6-B3DB-5C709E94F1FE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D1C7CB4C-89DD-4A57-8315-065969FF5913}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D1D1AA9F-DA3F-44BC-9049-6F9C2644B901}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D26AF922-F80A-4800-B091-E908DC1D1D17}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D28175F9-1DD3-4935-82EC-364304A1C698}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D2BF1FA9-CCD4-449D-9997-491DBAA53B07}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D2C9A752-ACC2-47D2-A9FA-4515D6043104}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D2EF33EC-0DD3-40DF-B601-566D14EA1863}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D309C489-D6A5-4DA8-9F5A-E34210C2FB42}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D38E63FD-EA83-4115-868B-61E22F9289A0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D41D9816-981D-45D4-A7AC-EDF973C76058}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D4321997-FFE3-4A08-9C56-59057E665E46}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D4AF3921-56B9-479F-A094-BEDC129DFF30}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D4E973EE-1697-4184-8145-973BF2AAADCA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D4FAC32F-90C1-4562-96EC-DEEE5F84CCE4}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D4FF35D3-B95C-4BBA-98BC-32E677107230}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D504193F-B67D-47C4-AA22-A9CB2E8EDFC2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D56E9D04-C0D7-4907-B23E-AEDECE6A137C}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D64FD8F4-46CF-4060-AD76-F75BA5A2A99B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D6D67BB6-1B90-4B79-9829-5717C92ECB77}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D72041DC-22AD-4B2D-95C3-B35BB4C78132}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D72401D9-18B7-4A70-907F-8F892875492B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D744CD19-5A3B-438C-82FB-4DF4A4FBB94F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D7EA5484-FB9D-4696-BDA3-BB70B30B1E67}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D88879C3-368C-4FF0-BC00-B46A78123389}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D90C7675-1BCC-4BA2-8BE9-BC3DE35B4867}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D979F7DD-C725-4422-B837-5C13A763F8CE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D99C6AE8-EA70-44F8-BB69-3C46686244BE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{D9E08F76-7E3D-4980-8443-6B935F96F61F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DA18AA5B-F5C6-420F-B1D2-B58C3B404E3A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DA19AE08-DF42-487C-B8E9-4F05761D6D26}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DA1CD98E-5FA5-4779-B35A-80AC868F54C2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DA2B5341-0777-4260-A073-E4523BB8B1B3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DAE43137-4DAD-459F-B4B9-8B3203EFE8DB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DB0EAFCA-273C-44D0-8B09-8B2F5640EE27}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DB223025-1206-4B84-96CD-B4BD4BB83758}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DB40E6ED-0081-40D8-A113-2DCBE1AE9737}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DB49D98D-022C-457A-9638-A1A239C62D2E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DBA32946-4153-4D57-B69F-1EF29F019EDC}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DC15E247-2AC4-4F6B-BDD1-51261608985D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DC530E35-FB70-4B6A-8862-1DDB3441A3E6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DDEECB60-24F4-428A-89D6-EDDAE4932BD6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DE68906F-A0B7-47EB-83E1-C22A59A446F1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DED3D7AF-5B01-4A82-9144-98E6BE503F8B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DEFEB504-7932-4CFF-A13F-E7E461A4F317}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DF58E0BE-1FD5-4D1B-AC46-EA73BB72324F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DF58F7A4-9BFC-49DA-AC77-AD885F4B1422}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{DF6731C3-43D1-4B7E-B44C-242582522841}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E05369BA-03F4-496E-871B-EB1B6248BD69}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E05B9D7F-7866-486E-BAB4-9433065F4CB1}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E08431B4-EF2B-4F07-855C-BA8CD4B85477}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E173A235-CA35-497B-B6FC-BB9661CB32E4}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E24CF07B-58FC-4F89-A067-54A2B5D0BC6A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E338DA8E-E058-4BBC-9418-D1E086C262BE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E34AB42C-4F66-4096-A23C-8A5DBF0F1E41}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E3AD1691-518C-422A-8508-8564A9FDA20B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E40964E6-A1D8-4E41-8B5A-3EEEF165E7C3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E48AE171-7EF8-43AF-859B-1DC045AA4EFD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E4BED16C-ED08-4330-A830-3D9E638F69FD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E52764A1-A0C1-4C40-90D1-B19AC1200CB8}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E56775E1-64A3-4176-9D94-8F4CDDEB0A83}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E60E99E4-2A59-4916-AC0A-E5DA1097B0AB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E6300E8A-4D9E-442C-817D-8551898B4AEB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E6CE6616-4549-4FAC-B490-7B12B9ECB454}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E7CA330A-11ED-4941-96FD-B372C6C1490B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E7FACF0B-A67A-4AEA-B522-80724EDE11CE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E81C7A65-008D-4E3E-89B5-FD3127ED25AC}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E83106C0-1333-4806-A759-7E07B2FDAC1D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E985EA41-6E53-4126-AE4C-968C1F06933D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E9A9B6E7-8FEB-42A7-A54B-F682E47E60D7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E9C7551B-A248-4000-B3C7-B4606527130D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{E9FEBE88-4DA4-499A-83F9-337515A9B4DB}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{EAAAF62F-7A4F-499A-BA41-036D18711357}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{EB536A66-DB3E-4094-952F-3D67D4BD4C7B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{EBBEF61C-22C5-4FF3-A3BB-9CD188E8ECE6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{EBEE7D1B-089E-448C-875E-F1439CFAA824}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{EBFE0B70-3040-458B-BE60-60D3E34B47C2}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{ECDD4E91-B1A0-4BB9-8EC9-61E97132143B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{EE89C5A9-54FB-4E82-A8A5-04AB11C09254}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{EED59655-6164-4175-A210-0174AAB56EBE}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{EF866577-0C56-4CF5-AC15-C77DA269156A}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{EFCEC6E4-BA4E-4D35-90EB-A61A1231A735}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F01B0C5A-DF89-4FCA-BA7A-00B0E37A9B3B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F04ABFF7-BB1D-4F6D-9D23-598F9923AC98}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F26B412E-4C7E-4E22-823A-9A8DE651F338}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F29CFD9A-231D-4AA6-B26D-6169A9013E4F}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F3340B07-0569-451F-8F88-39CCC77E3866}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F3E161EC-DB86-4785-8C03-EFD2FD43009D}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F4B0D31E-4F24-4F3B-AE26-C23B14561C93}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F63CC773-FB7A-48B9-B409-CEEAC2EA53F3}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F65598F6-4CBD-4674-A0F6-66B0A5AD0F66}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F659D389-16CA-4CED-ABD9-8A7A3539DFA9}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F7047434-4DE9-42F3-A945-F9699D4410D6}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F76BAFEC-A8ED-4597-B914-A376D26B698E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F779CA1E-2F3D-4C20-9E54-875513B1AEF9}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F872865E-4916-4927-816E-A4CAE0253EE7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F8C27C96-470D-45D6-A748-401E2BE89B88}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F8E43F8F-F737-4104-89A6-24F6B3509DAC}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F9186FC4-6E9A-45C2-94FF-89B33879CA47}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{F9F637BD-34F0-4D9F-A19B-40EDF881E6E7}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FA2D037C-D0D3-45FF-95E4-6FA72A58BD91}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FA2F739D-66C1-415C-833B-263F05E15064}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FA57D7C4-8EBF-4CF8-BBDC-0E99C1AC2C38}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FA9BB3C7-36DF-49DF-9F2E-962255B0D4DD}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FAE7CA1F-F6C9-462C-85BF-FB5F3E49E470}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FB35BA0A-5589-44C8-AD9C-D85ABC7D6509}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FBDD3D1C-58BF-4F46-82ED-FF7EDB0A42A0}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FC15CFA6-966D-44D6-BFF1-4276CE352B04}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FC1FB30B-E735-44F8-979B-299EE1D291D8}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FC89168F-4AF3-43C8-9FA1-2306BAAEAE3E}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FC8BD054-D86B-40A2-ACFD-CA1F60F4E059}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FC935B21-E67B-49FF-903C-11008020070B}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FE3843C0-8E5D-4829-92C8-EF99819361FA}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FE813F0F-4FA8-40A8-97DD-0661A33B1585}
Successfully deleted: [Empty Folder] C:\Users\shadbolt\appdata\local\{FFAA62F3-1C2E-46D8-83B5-0972CBD019EE}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/06/2013 at 17:46:40.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Regards
  • 0

#9
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello to you. I am pleased things are running better. I did expect an error with Chrome we will fix that now and make sure all malware is clear. SysTPL may have been installed along with a Rovio download. I have asked for an OTL scan also to see what is happening.

Follow in the order given


1. INSTALL CHROME

2. UPDATE AND RUN MALWAREBYTES
  • Malwarebytes is installed on your machine
  • Open Malwarebytes select the Updates Tab - Select Check for Updates and click O.K
  • Once complete click the Scanner Tab and select Perform quick scan
  • The scan will take a few minutes. Once complete click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed please proceed if asked.
  • If a reboot was needed the log is automatically saved by MBAM and can be viewed by clicking the Logs Tab then Open Log I need to see this.

    3. RUN ESET SCAN

    Please run a free online scan with the ESET Online Scanner

    Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

    Note: This scan works with Internet Explorer or Mozilla FireFox.

    If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    • Click the green ESET Online Scanner box
    • Tick the box next to YES, I accept the Terms of Use
      then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
    • Make sure that the Remove Found Threats and Scan archives boxes are checked.
    • Now click on Advanced Settings and select the following:
      [list]
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

4. OTL CUSTOM SCAN
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Purity Check
  • Copy and paste the following into Custom Scans\Fixes box without the word Quote.

    dir C:\ /S /A:L /C

  • Now Click Run Scan
  • OTL will now scan your computer and produce 1 log file. OTL.txt
  • Post both in your next reply

Things I want to see in your next post.
  • Malwarebytes log.
  • ESET scan results
  • OTL scan.

  • 0

#10
hellomut

hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi that took a long time the reports are below, when I installed CHROME http://uk.woofi.info/ came back in the task bar! many thanks
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.14.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
shadbolt :: SHADBOLT-PC [administrator]

Protection: Disabled

14/06/2013 14:57:28
mbam-log-2013-06-14 (14-57-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199016
Time elapsed: 10 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\Windows.old\Documents and Settings\shadbolt\Downloads\gtk2125-setup.exe a variant of Win32/1AntiVirus application
C:\Windows.old.000\Documents and Settings\shadbolt\Downloads\gtk2125-setup.exe a variant of Win32/1AntiVirus application
C:\Users\shadbolt\Downloads\gtk2125-setup.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06132013_074607\C_ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06132013_074607\C_ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06132013_074607\C_ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06132013_074607\C_ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\bprotector.js Win32/bProtector.F application cleaned by deleting - quarantined

OTL logfile created on: 15/06/2013 09:23:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 26.88% Memory free
3.25 Gb Paging File | 1.03 Gb Available in Paging File | 31.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 67.20 Gb Free Space | 45.09% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 21:59:49 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
PRC - [2013/05/16 17:20:32 | 000,029,976 | ---- | M] () -- C:\Program Files\sysTPL\sysTPLMonitor.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/04/10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/03/21 09:04:26 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/09/03 13:11:26 | 000,323,584 | ---- | M] (Inventec Corp.) -- C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe
PRC - [2008/08/12 16:21:12 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2003/06/12 02:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
  • 0

Advertisements


#11
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Hellomut I have some questions for you :)

1. Is there any difficulty posting the OTL results? You have only copy and pasted the beginning of the OTL results here, the log is a lot longer. Leave that one for now as I have a new OTL scan for you to do. Please ensure you copy and paste the full log - < End of report > is the last entry in the log. If there is still a problem then you could attach the logs in your reply instead.

2. You have upgraded form XP or Vista to Windows 7 correct? An infection was found in the Windows.old folder. If you are happy with how the Upgrade went and have all the items you need from the other OS, (XP\Vista) then there is no need for this folder and I would recommend you delete this. If you are happy to do so then complete step 1 below.

1. Windows.old folder
  • Click Start and in the search box type Disk Cleanup and press Enter
  • Disk Cleanup will calculate space then open.
  • Click Clean up system files. Disk Cleanup will calculate space then open. Now select Previous Windows installation check box.
  • Click O.K In the message that appears, click Delete Files.

2. Shortcut Cleaner

3. OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Copy and paste the following into Custom Scans\Fixes box without the word Quote.

    dir C:\ /S /A:L /C
    hklm\software\clients\startmenuinternet|command /rs
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*

  • Now Click Run Scan
  • OTL will now scan your computer and produce 1 log file. OTL.txt.
  • Post complete log in your next reply

Things I want to see in your next post.
  • OTL.txt
  • sc-cleaner.txt
  • Do you know anything about SysTPL and a folder named Tlapia?
  • Have you paid for the Angry Birds game or is it a demo?


P.S If you are having difficulties then please ask, that's what I am here for :thumbsup:
  • 0

#12
hellomut

hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi sorry I must have miss part of the report, with regards to up grades no the machine came with Vista home and it is still running vista home.
I have not completed any of the action you sent in your last mail, I will wait until you have seen the report.
Thanks
OTL logfile created on: 15/06/2013 09:23:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 26.88% Memory free
3.25 Gb Paging File | 1.03 Gb Available in Paging File | 31.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 67.20 Gb Free Space | 45.09% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 21:59:49 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
PRC - [2013/05/16 17:20:32 | 000,029,976 | ---- | M] () -- C:\Program Files\sysTPL\sysTPLMonitor.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/04/10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/03/21 09:04:26 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/09/03 13:11:26 | 000,323,584 | ---- | M] (Inventec Corp.) -- C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe
PRC - [2008/08/12 16:21:12 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2003/06/12 02:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/03 11:50:23 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2003/06/12 02:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Services (SafeList) ==========

SRV - [2013/05/16 17:20:32 | 000,032,024 | ---- | M] () [Auto | Stopped] -- C:\Program Files\sysTPL\sysTPLService.exe -- (sysTPLService.exe)
SRV - [2013/05/16 17:20:32 | 000,029,976 | ---- | M] () [Auto | Running] -- C:\Program Files\sysTPL\sysTPLMonitor.exe -- (sysTPLMonitor.exe)
SRV - [2013/05/15 15:46:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/03/01 13:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SPIXNEW.SYS -- (SUNPLUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\shadbolt\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/04/03 11:50:18 | 000,317,112 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_51755.sys -- (RapportCerberus_51755)
DRV - [2013/03/21 09:04:42 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/03/21 09:04:42 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/03/21 09:04:42 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/01 08:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/22 10:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/15 17:00:06 | 000,016,384 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FSCSLII.sys -- (FSCSLII)
DRV - [2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/10/31 11:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/10/31 11:23:00 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/29 13:30:52 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.co.uk/ [binary data]
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)


[2012/08/13 10:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/06/13 07:46:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [sysTPL] C:\Program Files\sysTPL\sysTPL.exe ()
O4 - HKLM..\Run: [Touchpad_Hotkey] C:\Program Files\FSC\Wireless Utility\Touchpad Hotkey.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless_Selector] C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe (Inventec Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947C342D-E596-4FCA-961C-2CF318C18106}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/14 15:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/13 17:43:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/13 17:43:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/13 17:25:18 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\reply2
[2013/06/13 09:10:06 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\New Folder
[2013/06/13 07:46:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/11 20:42:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
[2013/06/09 17:16:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Malwarebytes
[2013/06/09 17:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/09 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/09 17:15:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/09 17:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/09 10:36:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Local\Apps
[2013/05/26 12:05:21 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Rovio
[2013/05/26 12:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2013/05/26 12:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Rovio
[2013/05/26 12:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\enginesysTPL
[2013/05/26 11:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\sysTPL
[2013/05/26 11:58:50 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Tlapia

========== Files - Modified Within 30 Days ==========

[2013/06/15 08:59:41 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/15 08:46:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/15 08:01:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 08:01:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/14 15:58:21 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/14 14:00:39 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/06/14 14:00:33 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/14 14:00:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/14 13:59:42 | 1608,871,936 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/14 01:10:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/13 17:25:20 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:32:49 | 000,648,201 | ---- | M] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:44 | 000,890,839 | ---- | M] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2013/06/13 07:46:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
[2013/06/09 17:16:21 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/31 18:14:45 | 000,002,637 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2013/05/30 00:06:15 | 190,565,979 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/26 12:05:03 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2013/05/26 12:02:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\wget-log
[2013/05/24 15:25:36 | 000,001,995 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/23 08:50:36 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/23 08:50:36 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/06/13 09:32:48 | 000,648,201 | ---- | C] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:43 | 000,890,839 | ---- | C] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2013/06/09 17:16:21 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/26 12:05:03 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2013/05/26 12:02:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wget-log
[2012/09/01 18:00:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/01/13 16:06:11 | 000,036,587 | ---- | C] () -- C:\Windows\unvpeye.ini
[2010/08/06 20:04:07 | 000,013,312 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 20:18:37 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/04 20:14:40 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/29 20:51:13 | 000,000,680 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/05/26 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\Rovio
[2013/05/26 12:03:05 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\Tlapia

========== Purity Check ==========



========== Custom Scans ==========

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 646B-E12E
Directory of C:\
02/11/2006 13:59 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
02/11/2006 13:59 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:59 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 13:59 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:59 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:59 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:59 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:59 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:59 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\shadbolt
29/07/2010 20:51 <JUNCTION> Application Data [C:\Users\shadbolt\AppData\Roaming]
29/07/2010 20:51 <JUNCTION> Cookies [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Cookies]
29/07/2010 20:51 <JUNCTION> Local Settings [C:\Users\shadbolt\AppData\Local]
29/07/2010 20:51 <JUNCTION> My Documents [C:\Users\shadbolt\Documents]
29/07/2010 20:51 <JUNCTION> NetHood [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/07/2010 20:51 <JUNCTION> PrintHood [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/07/2010 20:51 <JUNCTION> Recent [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Recent]
29/07/2010 20:51 <JUNCTION> SendTo [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\SendTo]
29/07/2010 20:51 <JUNCTION> Start Menu [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Start Menu]
29/07/2010 20:51 <JUNCTION> Templates [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\shadbolt\AppData\Local
29/07/2010 20:51 <JUNCTION> Application Data [C:\Users\shadbolt\AppData\Local]
29/07/2010 20:51 <JUNCTION> History [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\History]
29/07/2010 20:51 <JUNCTION> Temporary Internet Files [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\shadbolt\AppData\LocalLow
27/08/2010 21:34 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\shadbolt\Documents
29/07/2010 20:51 <JUNCTION> My Music [C:\Users\shadbolt\Music]
29/07/2010 20:51 <JUNCTION> My Pictures [C:\Users\shadbolt\Pictures]
29/07/2010 20:51 <JUNCTION> My Videos [C:\Users\shadbolt\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old
02/11/2006 13:59 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings
02/11/2006 13:59 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:59 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 13:59 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:59 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:59 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:59 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:59 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:59 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Public\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\shadbolt
29/07/2010 20:51 <JUNCTION> Application Data [C:\Users\shadbolt\AppData\Roaming]
29/07/2010 20:51 <JUNCTION> Cookies [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Cookies]
29/07/2010 20:51 <JUNCTION> Local Settings [C:\Users\shadbolt\AppData\Local]
29/07/2010 20:51 <JUNCTION> My Documents [C:\Users\shadbolt\Documents]
29/07/2010 20:51 <JUNCTION> NetHood [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/07/2010 20:51 <JUNCTION> PrintHood [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/07/2010 20:51 <JUNCTION> Recent [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Recent]
29/07/2010 20:51 <JUNCTION> SendTo [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\SendTo]
29/07/2010 20:51 <JUNCTION> Start Menu [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Start Menu]
29/07/2010 20:51 <JUNCTION> Templates [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\shadbolt\AppData\Local
29/07/2010 20:51 <JUNCTION> Application Data [C:\Users\shadbolt\AppData\Local]
29/07/2010 20:51 <JUNCTION> History [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\History]
29/07/2010 20:51 <JUNCTION> Temporary Internet Files [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\shadbolt\AppData\LocalLow
27/08/2010 21:34 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\shadbolt\Documents
29/07/2010 20:51 <JUNCTION> My Music [C:\Users\shadbolt\Music]
29/07/2010 20:51 <JUNCTION> My Pictures [C:\Users\shadbolt\Pictures]
29/07/2010 20:51 <JUNCTION> My Videos [C:\Users\shadbolt\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users
02/11/2006 13:59 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:59 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 13:59 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:59 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:59 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:59 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:59 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:59 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:59 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:59 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\My Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:59 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 13:59 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:59 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:59 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:59 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:59 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:59 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\PC User
14/04/2009 11:25 <JUNCTION> Application Data [C:\Users\PC User\AppData\Roaming]
14/04/2009 11:25 <JUNCTION> Cookies [C:\Users\PC User\AppData\Roaming\Microsoft\Windows\Cookies]
14/04/2009 11:25 <JUNCTION> Local Settings [C:\Users\PC User\AppData\Local]
14/04/2009 11:25 <JUNCTION> My Documents [C:\Users\PC User\Documents]
14/04/2009 11:25 <JUNCTION> NetHood [C:\Users\PC User\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/04/2009 11:25 <JUNCTION> PrintHood [C:\Users\PC User\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/04/2009 11:25 <JUNCTION> Recent [C:\Users\PC User\AppData\Roaming\Microsoft\Windows\Recent]
14/04/2009 11:25 <JUNCTION> SendTo [C:\Users\PC User\AppData\Roaming\Microsoft\Windows\SendTo]
14/04/2009 11:25 <JUNCTION> Start Menu [C:\Users\PC User\AppData\Roaming\Microsoft\Windows\Start Menu]
14/04/2009 11:25 <JUNCTION> Templates [C:\Users\PC User\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\PC User\AppData\Local
14/04/2009 11:25 <JUNCTION> Application Data [C:\Users\PC User\AppData\Local]
14/04/2009 11:25 <JUNCTION> History [C:\Users\PC User\AppData\Local\Microsoft\Windows\History]
14/04/2009 11:25 <JUNCTION> Temporary Internet Files [C:\Users\PC User\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\PC User\Documents
14/04/2009 11:25 <JUNCTION> My Music [C:\Users\PC User\Music]
14/04/2009 11:25 <JUNCTION> My Pictures [C:\Users\PC User\Pictures]
14/04/2009 11:25 <JUNCTION> My Videos [C:\Users\PC User\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Public\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Windows\System32\config\systemprofile
16/05/2010 20:55 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
16/05/2010 20:55 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
16/05/2010 20:55 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local
16/05/2010 20:55 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
16/05/2010 20:55 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
16/05/2010 20:55 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old.000
02/11/2006 13:59 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Documents and Settings
02/11/2006 13:59 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Documents and Settings\All Users
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Documents and Settings\Default
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:59 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 13:59 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:59 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:59 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:59 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:59 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Documents and Settings\Default\AppData\Local
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:59 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Documents and Settings\Default\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Documents and Settings\Public\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Documents and Settings\shadbolt
29/07/2010 20:51 <JUNCTION> Application Data [C:\Users\shadbolt\AppData\Roaming]
29/07/2010 20:51 <JUNCTION> Cookies [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Cookies]
29/07/2010 20:51 <JUNCTION> Local Settings [C:\Users\shadbolt\AppData\Local]
29/07/2010 20:51 <JUNCTION> My Documents [C:\Users\shadbolt\Documents]
29/07/2010 20:51 <JUNCTION> NetHood [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/07/2010 20:51 <JUNCTION> PrintHood [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/07/2010 20:51 <JUNCTION> Recent [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Recent]
29/07/2010 20:51 <JUNCTION> SendTo [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\SendTo]
29/07/2010 20:51 <JUNCTION> Start Menu [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Start Menu]
29/07/2010 20:51 <JUNCTION> Templates [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Documents and Settings\shadbolt\AppData\Local
29/07/2010 20:51 <JUNCTION> Application Data [C:\Users\shadbolt\AppData\Local]
29/07/2010 20:51 <JUNCTION> History [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\History]
29/07/2010 20:51 <JUNCTION> Temporary Internet Files [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Documents and Settings\shadbolt\AppData\LocalLow
27/08/2010 21:34 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Documents and Settings\shadbolt\Documents
29/07/2010 20:51 <JUNCTION> My Music [C:\Users\shadbolt\Music]
29/07/2010 20:51 <JUNCTION> My Pictures [C:\Users\shadbolt\Pictures]
29/07/2010 20:51 <JUNCTION> My Videos [C:\Users\shadbolt\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\ProgramData
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\ProgramData\Application Data
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\ProgramData\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users
02/11/2006 13:59 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\All Users
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\Default
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:59 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 13:59 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:59 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:59 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:59 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:59 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\Default\AppData\Local
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:59 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\Default\AppData\Local\Application Data
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:59 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\Default\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\Default\Local Settings
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:59 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\Default\My Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\Default User
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:59 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 13:59 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:59 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:59 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:59 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:59 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\Default User\AppData\Local
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:59 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\Default User\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\Public\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\shadbolt
29/07/2010 17:44 <JUNCTION> Application Data [C:\Users\shadbolt\AppData\Roaming]
29/07/2010 17:44 <JUNCTION> Cookies [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Cookies]
29/07/2010 17:44 <JUNCTION> Local Settings [C:\Users\shadbolt\AppData\Local]
29/07/2010 17:44 <JUNCTION> My Documents [C:\Users\shadbolt\Documents]
29/07/2010 17:44 <JUNCTION> NetHood [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/07/2010 17:44 <JUNCTION> PrintHood [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/07/2010 17:44 <JUNCTION> Recent [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Recent]
29/07/2010 17:44 <JUNCTION> SendTo [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\SendTo]
29/07/2010 17:44 <JUNCTION> Start Menu [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Start Menu]
29/07/2010 17:44 <JUNCTION> Templates [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\shadbolt\AppData\Local
29/07/2010 17:44 <JUNCTION> Application Data [C:\Users\shadbolt\AppData\Local]
29/07/2010 17:44 <JUNCTION> History [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\History]
29/07/2010 17:44 <JUNCTION> Temporary Internet Files [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\shadbolt\AppData\Local\Application Data
29/07/2010 20:51 <JUNCTION> Application Data [C:\Users\shadbolt\AppData\Local]
29/07/2010 20:51 <JUNCTION> History [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\History]
29/07/2010 20:51 <JUNCTION> Temporary Internet Files [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\shadbolt\Documents
29/07/2010 17:44 <JUNCTION> My Music [C:\Users\shadbolt\Music]
29/07/2010 17:44 <JUNCTION> My Pictures [C:\Users\shadbolt\Pictures]
29/07/2010 17:44 <JUNCTION> My Videos [C:\Users\shadbolt\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\shadbolt\Local Settings
29/07/2010 20:51 <JUNCTION> Application Data [C:\Users\shadbolt\AppData\Local]
29/07/2010 20:51 <JUNCTION> History [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\History]
29/07/2010 20:51 <JUNCTION> Temporary Internet Files [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old.000\Users\shadbolt\My Documents
29/07/2010 20:51 <JUNCTION> My Music [C:\Users\shadbolt\Music]
29/07/2010 20:51 <JUNCTION> My Pictures [C:\Users\shadbolt\Pictures]
29/07/2010 20:51 <JUNCTION> My Videos [C:\Users\shadbolt\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
322 Dir(s) 72,159,219,712 bytes free

< End of report >
  • 0

#13
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there thanks for the OTL log :)

You have a folder on your Local Disk (C:) called Windows.old This folder is created when upgrading an Operating System. Have you any idea how this folder got there? Was the Laptop bought brand new or reconditioned? If you have no knowledge of this folder then I suggest completing Step 1 and delete it as there were infections found there :thumbsup:

You also stated that the Woofi shortcut was on your taskbar did you mean within Chrome or as a separate Icon?

Have you uninstalled Chrome? The settings are not present in the OTL scan.

I also asked about SysTPL and Tlapia and ideas on these?

Please get back to me regarding these questions. :thumbsup:
  • 0

#14
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there :)

Are you having any problems with the above?
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP