Jump to content

Jon Fleming

Members
  • Posts

    8
  • Joined

  • Last visited

Everything posted by Jon Fleming

  1. If I click a link in a Compiled HTML Help File opened in Microsoft's hh.exe Malwarebytes blocks it. Is there some way to avoid this?
  2. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Jun 27 12:02:25 2014 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: Applications\java.exe Found and removed: Applications\javaw.exe Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401 Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\6C5ADB75C34456D42B338232391207FF Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\.jar Found and removed: SOFTWARE\Classes\.jnlp Found and removed: SOFTWARE\Classes\jarfile Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0 Found and removed: SOFTWARE\Classes\JNLPFile Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\MozillaPlugins ------------------------------------ Finished reporting. Addition.txt FRST.txt
  3. A few notes on your boilerplate: step 4 requires a reboot. The description of the interface in step 7 is a little off; see http://i2.photobucket.com/albums/y10/JonF/Eset_zpse310cb2b.png. I had to turn off Windows Defender to run step 8. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.3 (03.23.2014:1)OS: Windows 8.1 x64Ran by Jon on Tue 06/24/2014 at 7:47:06.14~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocolSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapiSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocololeSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"Successfully deleted: [Folder] "C:\Users\Jon\AppData\Roaming\search protection"Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader" ~~~ FireFox Emptied folder: C:\Users\Jon\AppData\Roaming\mozilla\firefox\profiles\u5g0mbih.default\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Tue 06/24/2014 at 7:51:21.17Computer was rebootedEnd of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.213 - Report created 24/06/2014 at 08:12:08# Updated 23/06/2014 by Xplode# Operating System : Windows 8.1 (64 bits)# Username : Jon - MAIN-2# Running from : C:\Users\Jon\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** [#] Service Deleted : vToolbarUpdater18.1.7 ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Aimersoft Video Converter UltimateFolder Deleted : C:\ProgramData\AVG SafeGuard toolbarFolder Deleted : C:\ProgramData\AVG Secure SearchFolder Deleted : C:\Program Files (x86)\AVG Secure SearchFolder Deleted : C:\Program Files (x86)\GreenTree ApplicationsFolder Deleted : C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Deleted : C:\Program Files\AVG Secure SearchFolder Deleted : C:\Users\Jon\AppData\Local\AVG SafeGuard toolbarFolder Deleted : C:\Users\Jon\AppData\Local\AVG Secure SearchFolder Deleted : C:\Users\Jon\AppData\LocalLow\AVG SafeGuard toolbarFolder Deleted : C:\Users\Jon\AppData\LocalLow\AVG Secure SearchFolder Deleted : C:\Users\Jon\Documents\Aimersoft Video Converter UltimateFolder Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofFolder Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijbFile Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml ***** [ Shortcuts ] ***** Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofKey Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPIKey Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObjKey Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPIKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObjKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\AVG Secure SearchKey Deleted : HKCU\Software\SToolKey Deleted : HKCU\Software\WEDLMNGRKey Deleted : HKLM\Software\AVG SafeGuard toolbarKey Deleted : HKLM\Software\AVG Secure SearchKey Deleted : HKLM\Software\AVG Security ToolbarKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search ProtectionKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Mozilla Firefox v30.0 (en-US) [ File : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\u5g0mbih.default\prefs.js ] -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblofDeleted [Extension] : obciceimmggglbmelaidpjlmodcebijb ************************* AdwCleaner[R0].txt - [4561 octets] - [24/06/2014 07:53:54]AdwCleaner[s0].txt - [4418 octets] - [24/06/2014 08:12:08] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4478 octets] ########## <?xml version="1.0" encoding="UTF-16" ?><mbam-log><header><date>2014/06/24 08:23:07 -0400</date><logfile>mbam-log-2014-06-24 (08-23-06).xml</logfile><isadmin>yes</isadmin></header><engine><version>2.00.2.1012</version><malware-database>v2014.06.24.07</malware-database><rootkit-database>v2014.06.23.02</rootkit-database><license>premium</license><file-protection>enabled</file-protection><web-protection>enabled</web-protection><self-protection>disabled</self-protection></engine><system><osversion>Windows 8.1</osversion><arch>x64</arch><username>Jon</username><filesys>NTFS</filesys></system><summary><type>threat</type><result>completed</result><objects>319924</objects><time>1461</time><processes>0</processes><modules>0</modules><keys>0</keys><values>0</values><datas>0</datas><folders>0</folders><files>0</files><sectors>0</sectors></summary><options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>enabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options><items></items></mbam-log> I didn't realize I had all those backups under HijackThis!: C:\Windows\Installer\MSI7459.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationE:\Backup\Games\LoveBytes\BTINTER\ENG\PACKAGES\MSIE30.EXE probably unknown NewHeur_PE virusE:\Bart's_PE_Builder\plugin\ERDC2006\ERDPatcher5.exe a variant of Win32/HackTool.Patcher.BD potentially unsafe applicationE:\Bart's_PE_Builder\plugin\insidepro\saminside\GetHashes.exe a variant of Win32/PSWTool.SAMInside.AB potentially unsafe applicationE:\Bart's_PE_Builder\plugin\insidepro\saminside\SAMInside.exe a variant of Win32/PSWTool.SAMInside.AA potentially unsafe applicationE:\Bart's_PE_Builder\plugin\TFTPD\Files\tftpd32.exe a variant of Win32/TFTPD32.B potentially unsafe applicationE:\PAI\Install (portable)\Antivirus\Avira\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe applicationE:\PAI\Install (portable)\Bullet Password Revealer\x86\BulletsPassView.exe a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe applicationE:\PAI\Install (portable)\CCleaner\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationE:\PAI\Install (portable)\CCleaner\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationE:\PAI\Install (portable)\Cute PDF\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationE:\PAI\Install (portable)\Daemon Tools\DTLite4481-0347.exe Win32/DownWare.L potentially unwanted applicationE:\PAI\Install (portable)\Daemon Tools\DTLite4491-0356.exe Win32/DownWare.L potentially unwanted applicationE:\PAI\Install (portable)\Pagenest web site stripper\pagenestfree.exe Win32/DownWare.W potentially unwanted applicationE:\PAI\Install (portable)\Product Key\x86\ProduKey.exe a variant of Win32/PSWTool.ProductKey potentially unsafe applicationE:\PAI\Install (portable)\Recuva\rcsetup150.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationE:\PAI\Install (portable)\Spyware removers\SmitFraud - SpyAxe\SmitfraudFix.exe Win32/PrcView potentially unsafe applicationE:\PAI\Install (portable)\Spyware removers\SmitFraud - SpyAxe\smitRem.exe Win32/PrcView potentially unsafe applicationE:\PAI\Install (portable)\Spyware removers\SpywareQuake\2. smitRem in safe mode\smitRem.exe Win32/PrcView potentially unsafe applicationE:\PAI\Install (portable)\Unlocker\Unlocker1.9.1.exe Win32/Adware.ADON potentially unwanted applicationE:\PAI\Install (portable)\Unlocker\Unlocker1.9.2.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted applicationE:\PAI\Install (portable)\Wireless Key View\x64\WirelessKeyView.exe a variant of Win64/WirelessKeyView.B potentially unsafe applicationE:\PAI\Install (portable)\Wireless Key View\x86\WirelessKeyView.exe a variant of Win32/WirelessKeyView.A potentially unsafe applicationE:\PAI\PortableApps\Adapter Watch\awatch.exe a variant of Win32/AdapterWatch.A potentially unsafe applicationE:\PAI\PortableApps\Passwords\Bullet Password Revealer\x86\BulletsPassView.exe a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe applicationE:\PAI\PortableApps\Passwords\Web Browser Password View\WebBrowserPassView.exe Win32/PSWTool.WebBrowserPassView.B potentially unsafe applicationE:\PAI\PortableApps\ProduKey\x86\ProduKey.exe a variant of Win32/PSWTool.ProductKey potentially unsafe applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20100914-102312-659.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20100914-102316-239.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20100914-102318-396.dll Win32/Adware.PCConfidential applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20100914-102319-643.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20100914-102322-464.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20100914-102324-386.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20101008-102713-208.dll probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20101008-102713-790.dll Win32/Toolbar.MyWebSearch.K potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20101008-102717-257.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20101008-102722-154.dll a variant of Win32/Adware.Toolbar.Shopper.AA applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20101008-102723-393.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20101008-102730-249.dll a variant of Win32/Toolbar.Inbox.B potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20101028-154310-351.dll a variant of Win32/Toolbar.MyWebSearch.K potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20101028-154310-836.dll Win32/Toolbar.MyWebSearch potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20110111-170503-908.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20110111-170508-336.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20130502-162013-218.dll a variant of Win32/Adware.GooochiBiz.AO applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20130601-111603-496.dll Win32/Wajam.A potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20130601-111705-531.dll a variant of Win32/Adware.Yontoo.A applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20130601-111808-580.dll Win32/Wajam.A potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20130606-161920-382.dll a variant of Win32/Adware.MultiPlug.I applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20130610-150649-230.dll a variant of Win32/Toolbar.Escort.A potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20130610-150650-214.dll a variant of Win32/AdWare.DealCabby.C applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20130610-150650-849.dll a variant of Win32/AdWare.PricePeep.B applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20130624-133341-592.dll Win32/Toolbar.Conduit.N potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20130624-133430-291.dll Win32/Toolbar.Conduit.N potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\HijackThis\backups\backup-20131106-170720-658.dll a variant of Win32/Toolbar.DefaultTab.B potentially unwanted applicationE:\PAI\PortableApps\Spyware removers\SmitFraud - SpyAxe\SmitfraudFix_v2.423.exe Win32/PrcView potentially unsafe applicationE:\PAI\PortableApps\Spyware removers\SmitFraud - SpyAxe\smitRem.exe Win32/PrcView potentially unsafe applicationE:\PAI\PortableApps\Spyware removers\SpywareQuake\2. smitRem in safe mode\smitRem.exe Win32/PrcView potentially unsafe applicationE:\PAI\PortableApps\Wireless Key View\x64\WirelessKeyView.exe a variant of Win64/WirelessKeyView.B potentially unsafe applicationE:\PAI\PortableApps\Wireless Key View\x86\WirelessKeyView.exe a variant of Win32/WirelessKeyView.A potentially unsafe applicationE:\Stuff to Keep\AutoIT Decompiler\samples\VanZande1 Obfuscated\Simon_obfu.au3 Win32/Packed.Autoit.A.Gen potentially unwanted applicationE:\Stuff to Keep\AutoIT Decompiler\samples\VanZande2 Obfuscated\VanZandeObfuscated-Protect_Obfuscated-tidy.au3 Win32/Packed.Autoit.A.Gen potentially unwanted applicationE:\Stuff to Keep\AutoIT Decompiler\samples\VanZande2 Obfuscated\VanZandeObfuscated-Protect_Obfuscated.au3 Win32/Packed.Autoit.A.Gen potentially unwanted applicationE:\Stuff to Keep\AutoIT Decompiler\samples\VanZande3 Obfuscated\newprep.au3 Win32/Packed.Autoit.A.Gen potentially unwanted applicationE:\WinBuilder\ISO\HddBoot\GenaPrograms\ProduKey_Nirsoft\ProduKey.exe a variant of Win32/PSWTool.ProductKey potentially unsafe applicationE:\WinBuilder\ISO\ISOBoot\GenaPrograms\ProduKey_Nirsoft\ProduKey.exe a variant of Win32/PSWTool.ProductKey potentially unsafe applicationE:\WinBuilder\ISO\ISOBoot\I386\System32\hiderun.exe Win32/HideRun.A potentially unwanted applicationE:\WinBuilder\Projects\Tools\Gena\x64\hiderun_x64.exe Win64/HideRun.A potentially unwanted applicationE:\WinBuilder\Projects\Tools\Gena\x86\hiderun_x86.exe Win32/HideRun.A potentially unwanted applicationE:\WinBuilder\Projects\Tools\Win7PESE\x64\hiderun_x64.exe Win64/HideRun.A potentially unwanted applicationE:\WinBuilder\Projects\Tools\Win7PESE\x86\hiderun_x86.exe Win32/HideRun.A potentially unwanted applicationE:\WinBuilder\Projects\Tools\Win8.1SE\x64\hiderun_x64.exe Win64/HideRun.A potentially unwanted applicationE:\WinBuilder\Projects\Tools\Win8.1SE\x86\hiderun_x86.exe Win32/HideRun.A potentially unwanted applicationE:\WinBuilder\Projects\Tools\Win8PESE\x64\hiderun_x64.exe Win64/HideRun.A potentially unwanted applicationE:\WinBuilder\Projects\Tools\Win8PESE\x86\hiderun_x86.exe Win32/HideRun.A potentially unwanted applicationE:\WinBuilder\Target\Gena\GenaPrograms\ProduKey_Nirsoft\ProduKey.exe a variant of Win32/PSWTool.ProductKey potentially unsafe applicationE:\WinBuilder\Target\Gena\I386\System32\hiderun.exe Win32/HideRun.A potentially unwanted applicationE:\WinBuilder\Target\Win7PESE\Windows\System32\hiderun.exe Win32/HideRun.A potentially unwanted applicationE:\WinBuilder\Target\Win8.1SE\Windows\System32\hiderun.exe Win64/HideRun.A potentially unwanted applicationE:\WinBuilder\Target\Win8PESE\Windows\System32\hiderun.exe Win64/HideRun.A potentially unwanted applicationE:\WinBuilder\Temp\Gena\TempExtractFolder\ProduKey_Nirsoft\ProduKey_Nirsoft\ProduKey.exe a variant of Win32/PSWTool.ProductKey potentially unsafe applicationE:\WinBuilder\Workbench\Common\Avira\Avira Free Antivirus\apnic.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationE:\WinBuilder\Workbench\Common\Download_Gena\Projects\Tools\Gena\x64\hiderun_x64.exe Win64/HideRun.A potentially unwanted applicationE:\WinBuilder\Workbench\Common\Download_Gena\Projects\Tools\Gena\x86\hiderun_x86.exe Win32/HideRun.A potentially unwanted applicationE:\WinBuilder\Workbench\Common\Download_Win7PESE\Projects\Tools\Win7PESE\x64\hiderun_x64.exe Win64/HideRun.A potentially unwanted applicationE:\WinBuilder\Workbench\Common\Download_Win7PESE\Projects\Tools\Win7PESE\x86\hiderun_x86.exe Win32/HideRun.A potentially unwanted applicationE:\WinBuilder\Workbench\Common\Download_Win8PESE\Projects\Tools\Win8PESE\x64\hiderun_x64.exe Win64/HideRun.A potentially unwanted applicationE:\WinBuilder\Workbench\Common\Download_Win8PESE\Projects\Tools\Win8PESE\x86\hiderun_x86.exe Win32/HideRun.A potentially unwanted applicationE:\WinBuilder\Workbench\Common\Recuva\RecuvaInstall.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application FRST.txt is way too big for the message: FRST.txt
  4. Thanks for the reply. Before I did all this, I found two Ruby32 processes running, killed them, and deleted the directories in Temp. But I suspect that wasn't enough since it has come back before. Last step first: There is no RogueKill log anywhere. In fact there is no applicable file on my disk that contains the string RogueKill (per Agent Ransack). But it did do something; see attached. ---------------------------------------------------------- Rkill 2.6.7 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2014 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 06/22/2014 08:14:19 AM in x64 mode.Windows Version: Windows 8.1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * MsKeyboardFilter [Missing Service] * CSC [Missing Service] * E1G60 [Missing Service] * HdAudAddService [Missing Service] * kbldfltr [Missing Service] * storvsp [Missing Service] * Vid [Missing Service] * vmbusr [Missing Service] * vpcivsp [Missing Service] * WIMMount => \??\E:\WinBuilder\Projects\Tools\Win8.1SE\X64\wimmount.sys [incorrect ImagePath] Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost Program finished at: 06/22/2014 08:15:08 AMExecution time: 0 hours(s), 0 minute(s), and 49 seconds(s) ---------------------------------------------------------- <?xml version="1.0" encoding="UTF-16" ?><mbam-log><header><date>2014/06/22 08:21:51 -0400</date><logfile>mbam-log-2014-06-22 (08-21-50).xml</logfile><isadmin>yes</isadmin></header><engine><version>2.00.2.1012</version><malware-database>v2014.06.22.02</malware-database><rootkit-database>v2014.06.20.01</rootkit-database><license>premium</license><file-protection>enabled</file-protection><web-protection>enabled</web-protection><self-protection>disabled</self-protection></engine><system><osversion>Windows 8.1</osversion><arch>x64</arch><username>Jon</username><filesys>NTFS</filesys></system><summary><type>threat</type><result>completed</result><objects>319179</objects><time>1071</time><processes>0</processes><modules>0</modules><keys>0</keys><values>0</values><datas>0</datas><folders>0</folders><files>0</files><sectors>0</sectors></summary><options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>enabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options><items></items></mbam-log>
  5. I'm usually pretty good at removing malware but apparently not this one. Malwarebytes (paid) is popping up regularly blocking access to a website from C:\Users\Jon\AppData\Local\Temp\ocr{random}.tmp\ directory. Malwarebytes doesn't find it. I booted in Safe Mode with Command Prompt and deleted the entire temp directory and ran Malwarebytes with nothing found. But it's back. HijackThis! shows nothing I see as suspicious. FRST.txt Addition.txt
  6. This is a pretty weird one. A friend complained of popups and unexpected redirections. He has Microsoft Security Essentials on Win7 Home Premium x64, and it's up to date. So I installed MBAM and ran a quick scan. It found nothing. I found that his IE popup blocker was off and turned it on. Then I ran HijackThis. HJT warned me that it couldn't write to the Hosts file, and showed several redirects from the Hosts file. I found a Hosts file in C:\Windows\System32\Drivers\Etc. It was marked RHS and it was owned by Trusted Installer. I took ownership and removed the attributes. Opened it up and it was a perfectly normal Hosts file; just two entries for localhost (IPv4 and IPv6). I searched for Hosts from a 4NT command line, which allowed me to specify including files with any set of attributes. It found two on the C drive, one in the expected place and one deep down in the WInSxS folders. The second one is also a perfectly normal Hosts file with no redirects. But HJT still says it can't write to the Hosts file, and it shows those redirections. I confirmed that the redirections are active via ping and checking the DNS lookup on a free site. Where the heck is HJT finding this file? Do I have to run HJT under Process Monitor to find it??
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.