pmblood

Honorary Members
  • Posts

    31
Everything posted by pmblood

  1. Since I've been running in Normal Startup since yesterday evening and haven't had unexpected reboots, how do I isolate the problem? By the way, I appreciate your help very much.
  2. How do we find the problem service if the error doesn't occur in normal mode?
  3. We are now running in normal mode and we are not getting the error message and it is not rebooting. Can just running the system in the clean boot clear up problems?
  4. I did everything through Step 4 to get "Clean Boot". I brought it back up into Normal mode and I did get one Serious System Error, but the system did not reboot. So far, so good. Vino's Event Viewer v01c run on Windows XP in English Report run at 28/10/2013 6:41:27 PM Note: All dates below are in the format dd/mm/yyyy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - error Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 27/10/2013 11:39:57 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:39:50 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:39:50 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:39:44 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:38:25 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. 
Log: 'Application' Date/Time: 27/10/2013 11:38:19 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:38:19 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:38:13 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:38:12 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:38:06 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'System' Log - error Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'System' Date/Time: 28/10/2013 5:42:51 PM Type: error Category: 102 Event: 1003 Source: System Error Error code 00000044, parameter1 88a14e20, parameter2 00000d64, parameter3 00000000, parameter4 00000000. Log: 'System' Date/Time: 28/10/2013 5:36:12 PM Type: error Category: 0 Event: 7000 Source: Service Control Manager The MCSTRM service failed to start due to the following error: The system cannot find the file specified. 
Log: 'System' Date/Time: 28/10/2013 5:09:58 PM Type: error Category: 102 Event: 1003 Source: System Error Error code 00000044, parameter1 88a14e20, parameter2 00000d64, parameter3 00000000, parameter4 00000000. Log: 'System' Date/Time: 28/10/2013 5:09:06 PM Type: error Category: 0 Event: 7006 Source: Service Control Manager The ScRegSetValueExW call failed for Start with the following error: Access is denied. Log: 'System' Date/Time: 28/10/2013 5:09:02 PM Type: error Category: 0 Event: 10005 Source: DCOM DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} Log: 'System' Date/Time: 28/10/2013 5:07:16 PM Type: error Category: 0 Event: 7000 Source: Service Control Manager The MCSTRM service failed to start due to the following error: The system cannot find the file specified. Log: 'System' Date/Time: 28/10/2013 5:03:32 PM Type: error Category: 102 Event: 1003 Source: System Error Error code 1000008e, parameter1 c0000005, parameter2 a7cba217, parameter3 a615e91c, parameter4 00000000. Log: 'System' Date/Time: 28/10/2013 5:00:16 PM Type: error Category: 0 Event: 7000 Source: Service Control Manager The MCSTRM service failed to start due to the following error: The system cannot find the file specified. Log: 'System' Date/Time: 28/10/2013 4:53:53 PM Type: error Category: 0 Event: 7000 Source: Service Control Manager The MCSTRM service failed to start due to the following error: The system cannot find the file specified. Log: 'System' Date/Time: 28/10/2013 4:47:33 PM Type: error Category: 0 Event: 7000 Source: Service Control Manager The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
  5. Vino's Event Viewer v01c run on Windows XP in English Report run at 28/10/2013 12:20:55 PM Note: All dates below are in the format dd/mm/yyyy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - error Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 27/10/2013 11:39:57 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:39:50 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:39:50 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:39:44 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:38:25 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. 
Log: 'Application' Date/Time: 27/10/2013 11:38:19 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:38:19 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:38:13 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:38:12 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Log: 'Application' Date/Time: 27/10/2013 11:38:06 PM Type: error Category: 0 Event: 11 Source: crypt32 Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'System' Log - error Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'System' Date/Time: 28/10/2013 7:38:25 AM Type: error Category: 0 Event: 10005 Source: DCOM DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Log: 'System' Date/Time: 28/10/2013 7:37:04 AM Type: error Category: 0 Event: 10005 Source: DCOM DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Log: 'System' Date/Time: 28/10/2013 7:24:31 AM Type: error Category: 0 Event: 10005 Source: DCOM DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Log: 'System' Date/Time: 28/10/2013 7:24:16 AM Type: error Category: 0 Event: 7026 Source: Service Control Manager The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm BHDrvx86 ccSet_N360 eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI Log: 'System' Date/Time: 28/10/2013 7:23:30 AM Type: error Category: 0 Event: 10005 Source: DCOM DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Log: 'System' Date/Time: 28/10/2013 7:23:20 AM Type: error Category: 0 Event: 10005 Source: DCOM DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Log: 'System' Date/Time: 28/10/2013 6:40:13 AM Type: error Category: 0 Event: 7000 Source: Service Control Manager The MCSTRM service failed to start due to the following error: The system cannot find the file specified. 
Log: 'System' Date/Time: 28/10/2013 6:36:35 AM Type: error Category: 102 Event: 1003 Source: System Error Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 a735a7bf. Log: 'System' Date/Time: 28/10/2013 6:32:26 AM Type: error Category: 0 Event: 7000 Source: Service Control Manager The MCSTRM service failed to start due to the following error: The system cannot find the file specified. Log: 'System' Date/Time: 28/10/2013 6:30:04 AM Type: error Category: 0 Event: 10005 Source: DCOM DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
  6. Repeatedly get "System just recovered from serious error" and reboots itself. This has happened during the last month infrequently (once every few days) until yesterday. Don't know whether it is hardware or virus. It will boot in Safe Mode but cannot download web pages even though it says network is up. Just went through a process of cleaning out viruses (See topic 134385).
  7. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.19.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User :: KAY [administrator] 10/19/2013 7:08:02 AM mbam-log-2013-10-19 (07-08-02).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 214456 Time elapsed: 9 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\RECYCLER\S-1-5-21-1935655697-1085031214-725345543-1004\Dc3.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully. (end)
  8. # AdwCleaner v3.008 - Report created 19/10/2013 at 06:56:40 # Updated 17/10/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : User - KAY # Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v24.0 (en-US) [ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r3ylsglz.default\prefs.js ] -\\ Google Chrome v30.0.1599.101 [ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] [ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [3310 octets] - [13/10/2013 10:37:27] AdwCleaner[R1].txt - [3370 octets] - [13/10/2013 17:33:44] AdwCleaner[R2].txt - [1267 octets] - [19/10/2013 06:54:30] AdwCleaner[s0].txt - [3473 octets] - [13/10/2013 17:35:08] AdwCleaner[s1].txt - [1188 octets] - [19/10/2013 06:56:40] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1248 octets] ##########
  9. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Oct 18 22:09:42 2013 JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Oct 18 22:24:37 2013 Found and removed: C:\Program Files\Java\jre6 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_11 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_12 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_15 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_17 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_19 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_20 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_21 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_22 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_23 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_24 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_26 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_29 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_31 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.7.0_05 Found and removed: C:\Documents and Settings\User\Application Data\Sun\Java\jre1.7.0_07 Found and removed: Applications\java.exe Found and removed: Applications\javaw.exe
CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB} Found and removed: 
CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} 
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB} Found and removed: Software\JavaSoft\Java Update Found and removed: Software\JavaSoft\Java2D\1.5.0_11 Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.6 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03 Found and removed: 
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B04 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B06 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B04 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B06 Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1 Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1 Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.2 Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3 Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2 Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1 Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3 Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1 Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4 Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1 Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.2 Found and removed: 
SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5 Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401 Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_SUN Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225FA5D4CDB0C57489E7F511C11D0182 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225FC5D4ADB0C57489E7F511C11D0182 Found and removed: 
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Oct 18 22:26:25 2013
Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}
------------------------------------
Finished reporting.

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Oct 18 22:32:13 2013
------------------------------------
Finished reporting.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013 Ran by User at 2013-10-18 22:44:47 Run:1 Running from C:\Documents and Settings\User\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Data\Downloads\cnet_revosetup_exe.exe C:\Data\Downloads\frzfonts_d165396.exe C:\Data\Downloads\ClipArt & backgrounds\iLividSetup.exe J:\Documents and Settings\Mike\My Documents\Downloads\cnet_revosetup_exe.exe J:\Documents and Settings\Mike\My Documents\Downloads\frzfonts_d165396.exe J:\Original Data Mike's\Downloads\jZip\jZipV1c.exe Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register.lnk KCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://download.eset...lineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" S2 gupdate1c95cb9c0e2c704; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-17] (Google Inc.) R3 ALSysIO; \??\C:\DOCUME~1\User\LOCALS~1\Temp\ALSysIO.sys [x] S3 gwiopm; \??\J:\Old Backup from Mike's\C\Documents and Settings\Mike\My Documents\Downloads\gwiopm.sys [x] C:\Documents and Settings\User\jobq.dat C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ***************** C:\Data\Downloads\cnet_revosetup_exe.exe => Moved successfully. C:\Data\Downloads\frzfonts_d165396.exe => Moved successfully. C:\Data\Downloads\ClipArt & backgrounds\iLividSetup.exe => Moved successfully. J:\Documents and Settings\Mike\My Documents\Downloads\cnet_revosetup_exe.exe => Moved successfully. J:\Documents and Settings\Mike\My Documents\Downloads\frzfonts_d165396.exe => Moved successfully. J:\Original Data Mike's\Downloads\jZip\jZipV1c.exe => Moved successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register.lnk => Moved successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key not found. HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key not found. HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258} => Key deleted successfully. HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71} => Key deleted successfully. HKCR\CLSID\{31435657-9980-0010-8000-00AA00389B71} => Key not found. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C} => Key deleted successfully. HKCR\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully. HKCR\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully. HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} => Key deleted successfully. HKCR\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} => Key not found. HKCR\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} => Key not found. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} => Key deleted successfully. HKCR\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} => Key not found. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} => Key deleted successfully. HKCR\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} => Key not found. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} => Key deleted successfully. HKCR\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} => Key not found. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} => Key deleted successfully. HKCR\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} => Key not found. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully. HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key deleted successfully. HKCR\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key not found. HKLM\Software\MozillaPlugins\@java.com/JavaPlugin => Key not found. C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll not found. 
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} => Moved successfully. C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found. JavaQuickStarterService => Service not found. gupdate1c95cb9c0e2c704 => Service deleted successfully. ALSysIO => Service deleted successfully. gwiopm => Service deleted successfully. C:\Documents and Settings\User\jobq.dat => Moved successfully. "C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe" => File/Directory not found. C:\WINDOWS\Tasks\Google Software Updater.job => Moved successfully. C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully. C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully. The system needs a manual reboot. ==== End of Fixlog ====
  10. Have installed Antivirus program. Working on updating Adobe and Java. No issues or concerns remaining. Thanks so much for your help.
  11. As far as we can tell, there are no more issues. We will be installing an Antivirus Suite.

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is disabled!)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 6 Update 22
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 27.0.1453.116
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  12. Ran MBAM. Will now run Screen317

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.10.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Family :: FAMILY-PC [administrator]
10/15/2013 4:17:12 PM
mbam-log-2013-10-15 (16-17-12).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251886
Time elapsed: 8 minute(s), 54 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
  13. There is currently a required application on this computer that needs Java 6. How should I handle this?
  14. Ran Dr Web to completion in normal mode. No threats found. No report option. System didn't reboot as before.
  15. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013 Ran by User (administrator) on KAY on 14-10-2013 08:20:53 Running from C:\Documents and Settings\User\Desktop Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (Seiko Epson Corporation) C:\WINDOWS\system32\EscSvc.exe (Microsoft Corporation) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (GFI Software Ltd.) C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe (GFI Software Ltd.) C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe (Google Inc.) C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe (Secunia) C:\Program Files\Secunia\PSI\PSIA.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe (Realtek Semiconductor Corp.) 
C:\WINDOWS\RTHDCPL.EXE (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe (Belkin) C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Documents and Settings\User\Desktop\Programs\Core Temp.exe (SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIJAE.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe () C:\Program Files\ScreenThemes\scthemes.exe (Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe (Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [OpwareSE4] - C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [73728 2007-06-13] (Nuance Communications, Inc.) HKLM\...\Run: [sSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) 
_____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\javaws.exe 2013-10-04 14:10 - 2013-10-04 14:11 - 00149936 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\javaw.exe 2013-10-04 14:10 - 2013-10-04 14:11 - 00149936 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\java.exe 2013-10-04 14:10 - 2013-09-29 22:44 - 00073728 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\javacpl.cpl 2013-10-04 14:10 - 2008-12-12 18:55 - 00000000 ____D C:\Program Files\Java 2013-10-04 13:44 - 2013-10-04 13:44 - 00000156 _____ C:\Documents and Settings\User\Desktop\EMEASUPORT.url 2013-10-04 12:54 - 2012-07-10 21:39 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll 2013-10-04 12:54 - 2010-05-18 06:43 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2013-09-30 08:02 - 2013-09-30 08:03 - 00094208 _____ C:\WINDOWS\Minidump\Mini093013-01.dmp 2013-09-29 16:17 - 2013-07-30 12:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Epson Software 2013-09-29 16:13 - 2012-11-10 18:57 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat 2013-09-27 18:12 - 2013-09-27 17:00 - 06363648 _____ C:\Documents and Settings\User\My Documents\Baptism Regan.car 2013-09-24 14:46 - 2013-09-24 14:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes 2013-09-24 14:46 - 2013-09-24 14:45 - 00000000 ____D C:\Program Files\iTunes 2013-09-24 14:46 - 2013-09-24 14:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-09-24 14:45 - 2013-09-24 14:45 - 00000000 ____D C:\Program Files\iPod 2013-09-24 14:45 - 2009-01-11 21:23 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-09-24 14:44 - 2013-09-24 14:44 - 00000000 ____D C:\Documents and Settings\Default User\Application Data\Apple Computer 2013-09-24 14:44 - 2011-08-23 09:39 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Application Data\Apple Computer 2013-09-24 14:21 - 2013-09-09 
14:36 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2013-09-24 14:21 - 2013-09-09 14:36 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2013-09-24 14:21 - 2008-12-12 17:36 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-23 23:36 - 2004-08-04 06:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe 2013-09-23 23:36 - 2004-08-04 06:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-09-23 12:33 - 2012-06-13 14:23 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2013-09-23 12:33 - 2010-06-10 15:17 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2013-09-23 12:33 - 2009-07-24 16:22 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2013-09-23 12:33 - 2009-07-24 16:22 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll 2013-09-23 12:33 - 2009-03-08 04:33 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll 2013-09-23 12:33 - 2008-11-28 18:01 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll 2013-09-23 12:33 - 2008-11-28 18:01 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll 2013-09-23 12:33 - 2008-11-28 18:01 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll 2013-09-23 12:33 - 2008-11-28 18:01 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2013-09-23 12:33 - 2008-11-28 13:31 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll 2013-09-23 12:33 - 2007-08-13 19:54 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-09-23 12:33 - 2007-08-13 19:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-09-23 12:33 - 2007-08-13 19:54 - 00055296 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\msfeedsbs.dll 2013-09-23 12:33 - 2007-08-13 19:34 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 06017536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 06017536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl 2013-09-23 12:33 - 2004-08-04 06:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2013-09-23 12:33 - 2004-08-04 06:00 - 01215488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 01215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2013-09-23 12:33 - 2004-08-04 
06:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2013-09-23 12:33 - 2004-08-04 06:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll 2013-09-23 12:06 - 2004-08-04 06:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2013-09-21 21:28 - 2013-09-21 21:28 - 00346112 _____ C:\Documents and Settings\User\My Documents\RS Visiting Teaching Sept 13.sig 2013-09-15 19:47 - 2010-04-15 17:57 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\CutePDF Writer Files to move or delete: ==================== C:\Documents and Settings\User\jobq.dat Some content of TEMP: ==================== C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log 
============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013 Ran by User at 2013-10-14 08:22:05 Running from C:\Documents and Settings\User\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Security Suite (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ==================== Installed Programs ====================== ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512) Adobe AIR (Version: 2.7.1.19610) Adobe Connect 9 Add-in (HKCU Version: 11,2,385,0) Adobe Flash Player 11 ActiveX (Version: 11.9.900.117) Adobe Reader XI (11.0.05) (Version: 11.0.05) Adobe Shockwave Player 12.0 (Version: 12.0.3.133) Adobe Shockwave Player 12.0 (Version: 12.0.4.144) Amazon MP3 Downloader 1.0.15 (Version: 1.0.15) AnswerWorks 5.0 English Runtime (Version: 5.0.7) Apple Application Support (Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (Version: 2.1.3.127) ArcSoft MediaImpression ArcSoft Software Suite AzureBay Screen Saver Belkin 54Mbps Wireless Network Adapter (Version: 1.00.01) Blue Coat K9 Web Protection 4.2.123 (Version: 4.2.123) Bonjour (Version: 3.0.0.10) Canon PIXMA iP6000D Cisco Unified Presenter Add-in 6x5 Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) CutePDF Writer 2.8 EPSON Connect version 1.0 (Version: 1.0) Epson Customer Participation (Version: 1.4.0.0) Epson Event Manager (Version: 3.01.0003) Epson FAX Utility (Version: 1.30.00) Epson PC-FAX Driver EPSON Scan EPSON XP-800 Series Printer Uninstall EpsonNet Print (Version: 2.5.00) ESET Online Scanner v3 FamilySearch Indexing 3.7.8 (Version: 3.7.8) Foxit Reader (Version: 4.3.1.218) FSSS Production GetMyAncestors (Version: 2011.7.30.0) GFI Backup 2009 - Home Edition (Version: 3.0) Google Chrome (Version: 30.0.1599.69) Google 
Earth (Version: 7.1.1.1888) Google Updater (Version: 2.4.2432.1652) High Definition Audio Driver Package - KB888111 (Version: 20040219.000000) HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000) HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000) HP Photo and Imaging 2.0 - hp psc 1200 series hp psc 1200 series (Version: 1.10.0000) Intel® Graphics Media Accelerator Driver (Version: 0.0.0.0000) Intel® Network Connections 15.1.29.0 (Version: 15.1.29.0) iTunes (Version: 11.1.0.126) Jasc After Shot (Version: 1.0.0.0) Java Auto Updater (Version: 2.0.7.2) Java 6 Update 45 (Version: 6.0.450) LightScribe 1.4.124.1 (Version: 1.4.124.1) Macromedia Shockwave Player Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Mavis Beacon Teaches Typing 12 Standard Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1) Microsoft Digital Image Pro 9 (Version: 9.0.0.0000) Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft National Language Support Downlevel APIs Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000) Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Web Publishing Wizard 1.52 Microsoft 
Windows XP Video Decoder Checkup Utility Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0) Mozilla Maintenance Service (Version: 24.0.1) Mozilla Thunderbird 17.0 (x86 en-US) (Version: 17.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0) Nero 7 Essentials (Version: 7.02.4129) Norton Security Suite (Version: 20.4.0.40) OpenOffice 4.0.0 (Version: 4.00.9702) OrdinanceTracker (Version: 2010.4.3.1) Palm VersaMail (HKCU Version: 2.61.1100) Palm VersaMail (Version: 2.61.1100) Picasa 3 (Version: 3.9) Picture Package Music Transfer (Version: 1.1.00.11270) PowerAgent (Version: 0.1) PrintMaster Platinum 17 (Version: 17.00.0000) Quicken 2011 (Version: 20.1.8.6) QuickTime (Version: 7.74.80.86) RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0) RealPlayer (Version: 15.0.6) Realtek High Definition Audio Driver (Version: 5.10.0.5964) RealUpgrade 1.1 (Version: 1.1.0) Remote Control USB Driver (Version: 2.3.2.317) RootsMagic 5.0.4.1 ScanSoft OmniPage SE 4 (Version: 15.2.0020) ScreenThemes 3.0 Secunia PSI (2.0.0.1003) Skype™ 6.9 (Version: 6.9.106) Snood for Windows version 3.0-W Software Updater (Version: 4.1.4) Sony Picture Utility (Version: 3.0.02.12110) SpO2 Assistant V2.x Super Collapse! Super Glinx! Super Nisqually! 
swMSM (Version: 12.0.0.1) System Requirements Lab (Version: 4.1.71.0) System Requirements Lab for Intel (Version: 4.1.66.0) TeamViewer 8 (Version: 8.0.22298) The Weather Channel App Travelaxe Uninstall FamilySearch Indexing Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft Windows (KB971513) Update for Mipony Download Accelerator Update for Windows Internet Explorer 8 (KB2447568) (Version: 1) Update for Windows Internet Explorer 8 (KB971180) (Version: 1) Update for Windows Internet Explorer 8 (KB976662) (Version: 1) Update for Windows Internet Explorer 8 (KB980182) (Version: 1) Update for Windows Internet Explorer 8 (KB982632) (Version: 1) Update for Windows Internet Explorer 8 (KB982664) (Version: 1) Update for Windows XP (KB2141007) (Version: 1) Update for Windows XP (KB2345886) (Version: 1) Update for Windows XP (KB2467659) (Version: 1) Update for Windows XP (KB2541763) (Version: 1) Update for Windows XP (KB2607712) (Version: 1) Update for Windows XP (KB2616676) (Version: 1) Update for Windows XP (KB2641690) (Version: 1) Update for Windows XP (KB2661254-v2) (Version: 2) Update for Windows XP (KB2718704) (Version: 1) Update for Windows XP (KB2736233) (Version: 1) Update for Windows XP (KB2749655) (Version: 1) Update for Windows XP (KB2863058) (Version: 1) Update for Windows XP (KB951072-v2) (Version: 2) Update for Windows XP (KB951978) (Version: 1) Update for Windows XP (KB955759) (Version: 1) Update for Windows XP (KB955839) (Version: 1) Update for Windows XP (KB967715) (Version: 1) Update for Windows XP (KB968389) (Version: 1) Update for Windows XP (KB971029) (Version: 1) Update for Windows XP (KB971737) (Version: 1) Update for Windows XP (KB973687) (Version: 1) Update for Windows XP (KB973815) (Version: 1) WebFldrs XP (Version: 9.50.7523) Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool 
(KB892130) (Version: 1.7.0069.2) Windows Internet Explorer 7 (Version: 20070813.185237) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Media Format 11 runtime Windows Media Player 11 Windows PowerShell 1.0 (Version: 2) Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164) Windows XP Service Pack 3 (Version: 20080414.031525) WinPatrol 2009 (Version: 17.0.2010.0) WordPerfect Office 11 (Version: 11.0.0.233) ==================== Restore Points ========================= 16-07-2013 18:07:50 System Checkpoint 17-07-2013 18:42:33 System Checkpoint 18-07-2013 18:00:19 Software Distribution Service 3.0 19-07-2013 20:29:01 System Checkpoint 20-07-2013 21:04:48 System Checkpoint 21-07-2013 21:37:28 System Checkpoint 22-07-2013 21:53:04 System Checkpoint 23-07-2013 22:28:53 System Checkpoint 24-07-2013 23:10:22 System Checkpoint 25-07-2013 23:36:01 System Checkpoint 26-07-2013 23:59:32 System Checkpoint 28-07-2013 01:43:30 System Checkpoint 29-07-2013 14:25:50 System Checkpoint 30-07-2013 15:28:16 System Checkpoint 30-07-2013 18:41:28 Installed EpsonNet Print 30-07-2013 18:42:47 Installed FAX Utility 31-07-2013 20:21:20 System Checkpoint 01-08-2013 20:40:40 Installed Software Updater 02-08-2013 21:08:57 System Checkpoint 03-08-2013 22:05:55 System Checkpoint 04-08-2013 23:20:36 System Checkpoint 05-08-2013 23:42:11 System Checkpoint 06-08-2013 21:43:50 Removed OpenOffice.org 3.4.1 06-08-2013 21:44:54 Installed OpenOffice 4.0.0 07-08-2013 21:55:47 System Checkpoint 09-08-2013 00:16:04 System Checkpoint 10-08-2013 00:33:10 System Checkpoint 11-08-2013 00:35:06 System Checkpoint 12-08-2013 00:49:57 System Checkpoint 13-08-2013 01:11:23 System Checkpoint 14-08-2013 02:01:03 System Checkpoint 14-08-2013 18:00:16 Software Distribution Service 3.0 15-08-2013 18:35:35 System Checkpoint 16-08-2013 18:40:05 System Checkpoint 17-08-2013 19:40:05 System Checkpoint 18-08-2013 20:35:07 System Checkpoint 19-08-2013 20:37:30 System Checkpoint 20-08-2013 21:59:00 
System Checkpoint 21-08-2013 22:07:08 System Checkpoint 22-08-2013 22:19:44 System Checkpoint 23-08-2013 22:40:22 System Checkpoint 24-08-2013 23:10:20 System Checkpoint 26-08-2013 00:07:00 System Checkpoint 27-08-2013 01:06:13 System Checkpoint 28-08-2013 01:34:08 System Checkpoint 28-08-2013 05:46:32 Software Distribution Service 3.0 29-08-2013 15:30:02 System Checkpoint 30-08-2013 16:12:03 System Checkpoint 31-08-2013 17:09:40 System Checkpoint 01-09-2013 17:54:30 System Checkpoint 02-09-2013 18:26:53 System Checkpoint 03-09-2013 18:39:59 System Checkpoint 04-09-2013 19:20:13 System Checkpoint 05-09-2013 19:42:03 System Checkpoint 06-09-2013 19:45:18 System Checkpoint 07-09-2013 20:45:46 System Checkpoint 09-09-2013 04:37:18 System Checkpoint 09-09-2013 19:55:53 Removed Acrobat.com 09-09-2013 20:06:40 Removed Java 7 Update 25 09-09-2013 20:07:29 Removed JavaFX 2.1.1 09-09-2013 20:08:33 Removed Skype Click to Call 09-09-2013 20:24:35 Installed Java 6 Update 45 09-09-2013 20:26:01 Removed Java 7 Update 25 09-09-2013 20:28:39 Removed Java 6 Update 45 09-09-2013 20:29:08 Removed Java 6 Update 45 09-09-2013 20:30:28 Installed Java 6 Update 45 10-09-2013 18:00:17 Software Distribution Service 3.0 11-09-2013 18:42:26 System Checkpoint 12-09-2013 18:00:20 Software Distribution Service 3.0 12-09-2013 18:23:09 Software Distribution Service 3.0 13-09-2013 21:37:15 Software Distribution Service 3.0 14-09-2013 22:33:16 System Checkpoint 15-09-2013 23:09:57 System Checkpoint 19-09-2013 16:19:16 System Checkpoint 20-09-2013 17:12:02 System Checkpoint 21-09-2013 17:55:55 System Checkpoint 22-09-2013 18:29:53 System Checkpoint 23-09-2013 20:11:00 System Checkpoint 24-09-2013 20:31:45 System Checkpoint 25-09-2013 20:58:19 System Checkpoint 26-09-2013 23:41:11 System Checkpoint 27-09-2013 23:59:07 System Checkpoint 29-09-2013 00:11:00 System Checkpoint 29-09-2013 22:17:45 Installed Software Updater 01-10-2013 15:44:50 System Checkpoint 02-10-2013 21:53:59 System Checkpoint 
03-10-2013 22:30:51 System Checkpoint 04-10-2013 18:44:43 Removed Java 7 Update 25 04-10-2013 19:36:24 Removed Java 7 Update 25 04-10-2013 20:10:43 Installed Java 6 Update 45 05-10-2013 20:39:26 System Checkpoint 06-10-2013 21:33:36 System Checkpoint 07-10-2013 22:29:03 System Checkpoint 08-10-2013 22:54:42 System Checkpoint 09-10-2013 05:10:15 Software Distribution Service 3.0 10-10-2013 20:12:43 System Checkpoint 11-10-2013 20:55:20 System Checkpoint 13-10-2013 17:07:52 System Checkpoint 13-10-2013 18:00:15 Software Distribution Service 3.0 ==================== Hosts content: ========================== 2004-08-04 06:00 - 2013-10-12 11:08 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1352940630.job => C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1085031214-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1085031214-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe ==================== Loaded Modules (whitelisted) ============= 2010-04-15 17:55 - 2009-11-05 08:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll 2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 
_____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-07-23 15:59 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\20.4.0.40\wincfi39.dll 2010-04-10 15:34 - 2009-09-14 16:36 - 00506711 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll 2012-11-14 12:14 - 2007-11-26 12:45 - 00188416 _____ () C:\Program Files\Belkin\F5D7050v3\BelkinwcuiDLL.dll 2012-11-14 12:14 - 2007-10-30 23:29 - 00151617 _____ () C:\Program Files\Belkin\F5D7050v3\blkwcapi.dll 2012-11-14 12:14 - 2003-10-13 16:30 - 00094208 _____ () C:\Program Files\Belkin\F5D7050v3\GTW32N50.dll 2012-11-14 12:14 - 2005-08-10 16:36 - 00045056 _____ () C:\Program Files\Belkin\F5D7050v3\Security.dll 2012-11-14 12:14 - 2006-02-24 11:40 - 00061440 _____ () C:\Program Files\Belkin\F5D7050v3\BelkinHWStatus.dll 2004-08-04 06:00 - 2008-04-13 18:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2004-08-04 06:00 - 2008-04-13 18:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/12/2013 01:34:06 PM) (Source: MsiInstaller) (User: KAY) Description: Product: PrintMaster Platinum 17 -- Error 1706. Installation has been canceled. You may run this installation at a later time. 
Error: (10/12/2013 11:06:22 AM) (Source: crypt32) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established Error: (10/12/2013 11:05:33 AM) (Source: crypt32) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established Error: (10/10/2013 10:47:17 AM) (Source: Application Hang) (User: ) Description: Hanging application GFIBackup.exe, version 3.1.2010.730, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (10/10/2013 10:47:16 AM) (Source: Application Hang) (User: ) Description: Hanging application GFIBackup.exe, version 3.1.2010.730, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (10/10/2013 10:46:52 AM) (Source: Application Hang) (User: ) Description: Hanging application GFIBackup.exe, version 3.1.2010.730, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (10/09/2013 09:06:31 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. 
Will shutdown Error: (09/29/2013 10:49:04 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1969 Error: (09/29/2013 10:49:04 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1969 Error: (09/29/2013 10:49:04 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (10/14/2013 08:05:33 AM) (Source: Service Control Manager) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Error: (10/14/2013 07:56:42 AM) (Source: Service Control Manager) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Error: (10/13/2013 05:39:34 PM) (Source: Service Control Manager) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Error: (10/13/2013 09:06:41 AM) (Source: Service Control Manager) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Error: (10/12/2013 10:55:30 AM) (Source: Service Control Manager) (User: ) Description: The GFI Backup 2009 - Home Edition Attendant Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/12/2013 10:55:30 AM) (Source: Service Control Manager) (User: ) Description: The GFI Backup 2009 - Home Edition Scheduler Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/12/2013 08:56:00 AM) (Source: System Error) (User: ) Description: Error code 1000008e, parameter1 c0000005, parameter2 a8240217, parameter3 a78479c0, parameter4 00000000. 
Error: (10/12/2013 08:45:43 AM) (Source: Service Control Manager) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Error: (10/12/2013 08:37:25 AM) (Source: Service Control Manager) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Error: (10/11/2013 07:52:19 AM) (Source: Service Control Manager) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= Error: (10/12/2013 01:34:06 PM) (Source: MsiInstaller)(User: KAY) Description: Product: PrintMaster Platinum 17 -- Error 1706. Installation has been canceled. You may run this installation at a later time.(NULL)(NULL)(NULL) Error: (10/12/2013 11:06:22 AM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established Error: (10/12/2013 11:05:33 AM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established Error: (10/10/2013 10:47:17 AM) (Source: Application Hang)(User: ) Description: GFIBackup.exe3.1.2010.730hungapp0.0.0.000000000 Error: (10/10/2013 10:47:16 AM) (Source: Application Hang)(User: ) Description: GFIBackup.exe3.1.2010.730hungapp0.0.0.000000000 Error: (10/10/2013 10:46:52 AM) (Source: Application Hang)(User: ) Description: GFIBackup.exe3.1.2010.730hungapp0.0.0.000000000 Error: (10/09/2013 09:06:31 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. 
Will shutdown Error: (09/29/2013 10:49:04 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1969 Error: (09/29/2013 10:49:04 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1969 Error: (09/29/2013 10:49:04 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Percentage of memory in use: 29% Total physical RAM: 3317.49 MB Available physical RAM: 2341.23 MB Total Pagefile: 5200.61 MB Available Pagefile: 4348.94 MB Total Virtual: 2047.88 MB Available Virtual: 1940.37 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:298.08 GB) (Free:197.85 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive j: () (Fixed) (Total:149.04 GB) (Free:62.58 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: AB7DAB7D) Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 55645564) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  16. Ran Dr Web but it hung when almost completed. It took action against 14 threats before hanging. Will try to rerun.
  17. Step 06 Eset Report of Threats

      C:\Data\Downloads\cnet_revosetup_exe.exe a variant of Win32/InstallCore.D application
      C:\Data\Downloads\frzfonts_d165396.exe a variant of Win32/InstallIQ.A application
      C:\Data\Downloads\Nero-9.4.12.3d_free.exe Win32/Toolbar.AskSBar application
      C:\Data\Downloads\ClipArt & backgrounds\iLividSetup.exe Win32/Toolbar.SearchSuite application
      C:\Data\Downloads\CutePDF\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.A application
      C:\Data\Downloads\Epson XP-800\epson14514.exe a variant of Win32/Bundled.Toolbar.Ask.D application
      C:\Program Files\GFI\GFI Backup 2009 - Home Edition\Backup\Mike's Backup\C\Data\Downloads\jZip\jZipV1c.exe multiple threats
      C:\Program Files\GFI\GFI Backup 2009 - Home Edition\Backup\Mike's Backup\C\Documents and Settings\User\Local Settings\Temp\nsp26.tmp.exe multiple threats
      C:\RECYCLER\S-1-5-21-1935655697-1085031214-725345543-1004\Dc3.exe a variant of Win32/Kryptik.BLXE trojan
      C:\System Volume Information\_restore{B39E5D6F-27D3-4BCE-A2BA-8E6D67095437}\RP1341\A0181073.exe Win32/DownWare.E application
      J:\Data\Downloads\CutePDF\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.A application
      J:\Documents and Settings\Mike\My Documents\Downloads\cnet_revosetup_exe.exe a variant of Win32/InstallCore.D application
      J:\Documents and Settings\Mike\My Documents\Downloads\frzfonts_d165396.exe a variant of Win32/InstallIQ.A application
      J:\Documents and Settings\Mike\My Documents\Downloads\Nero-9.4.12.3d_free.exe Win32/Toolbar.AskSBar application
      J:\Original Data Mike's\Downloads\jZip\jZipV1c.exe multiple threats
  18. # AdwCleaner v3.007 - Report created 13/10/2013 at 17:35:08 # Updated 09/10/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : User - KAY # Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r3ylsglz.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\jZip Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v24.0 (en-US) [ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r3ylsglz.default\prefs.js ] -\\ Google Chrome v30.0.1599.69 [ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] [ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [3310 octets] - [13/10/2013 10:37:27] AdwCleaner[R1].txt - [3370 octets] - [13/10/2013 17:33:44] AdwCleaner[s0].txt - [3333 octets] - [13/10/2013 17:35:08] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3393 octets] ##########
  19. Step 05 Completed AdwCleaner Keep IE, Firefox, Chrome

      # AdwCleaner v3.007 - Report created 13/10/2013 at 10:37:27
      # Updated 09/10/2013 by Xplode
      # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
      # Username : User - KAY
      # Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
      # Option : Scan

      ***** [ Services ] *****

      ***** [ Files / Folders ] *****

      Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r3ylsglz.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

      ***** [ Shortcuts ] *****

      ***** [ Registry ] *****

      Key Found : HKCU\Software\jZip
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
      Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
      Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
      Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
      Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
      Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
      Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

      ***** [ Browsers ] *****

      -\\ Internet Explorer v8.0.6001.18702

      -\\ Mozilla Firefox v24.0 (en-US)

      [ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r3ylsglz.default\prefs.js ]

      -\\ Google Chrome v30.0.1599.69

      [ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
      [ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

      *************************

      AdwCleaner[R0].txt - [3170 octets] - [13/10/2013 10:37:27]

      ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3230 octets] ##########
  20. Ran Step 04 JRT.exe

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.0.4 (10.06.2013:1)
      OS: Microsoft Windows XP x86
      Ran by User on Sun 10/13/2013 at 10:05:13.43
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services

      ~~~ Registry Values

      Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
      Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
      Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

      ~~~ Files

      ~~~ Folders

      Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
      Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\drivercure"
      Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\dsite"
      Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\iwin"

      ~~~ FireFox

      Successfully deleted: [File] C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\r3ylsglz.default\user.js

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Sun 10/13/2013 at 10:10:10.48
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  21. Ran Step 01 No threats were detected on first run so I didn't make the second run. Continuing on to step 02 Malwarebytes Anti-Rootkit BETA 1.07.0.1007 www.malwarebytes.org Database version: v2013.10.13.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User :: KAY [administrator] 10/13/2013 9:23:14 AM mbar-log-2013-10-13 (09-23-14).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 215703 Time elapsed: 19 minute(s), 25 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_45 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, J:\ DRIVE_FIXED CPU speed: 2.982000 GHz Memory total: 3478642688, free: 2449686528 Downloaded database version: v2013.10.13.03 Downloaded database version: v2013.10.11.02 Initializing... 
      Scan finished
      =======================================

      Removal queue found; removal started
      Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
      Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
      Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
      Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
      Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_63_i.mbam...
      Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
      Removal finished