Man of Leisure

Members

View Profile See their activity

Posts
18
Joined
March 27, 2010
Last visited
May 30, 2014

Reputation

0 Neutral

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

Results of screen317's Security Check version 0.99.78 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG AntiVirus Free Edition 2013 Microsoft Security Essentials Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.9.900.170 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (26.0) Google Chrome 31.0.1650.57 Google Chrome 31.0.1650.63 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
- January 8, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

Ron I hope I am not being overly optimistic, but it appears the malware is gone. I screwed up and did not get the report from Dr Web. It found one threat and I neutralized it. Rebooted and ran it again, then realized i forgot to save the report from the first one. But now it finds no threat . Malware Bytes finds no threat, and the process that kept eating up all my of CPU usage is no longer popping up. I am sorry for not saving the log. But I am also extermely grateful for the time you took reviewing this situation and working to help me. Thank you very much.
- January 8, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014 Ran by Scott at 2014-01-07 06:51:06 Run:2 Running from C:\Users\Scott\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** BootExecute: autocheck autochk * /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart HKLM-x32\...\Run: [] - [x] HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-02-28] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [Google Update] - C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-07] (Google Inc.) HKCU\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\Scott\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 4ced2b23a9cd47d0814fa1bad3cf9d04-bd9abf57d5c6eecffec5926f541664f5b0b9becf --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Scott\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 4ced2b23a9cd47d0814fa1bad3cf9d04-bd9abf57d5c6eecffec5926f541664f5b0b9becf --CMPID 0913a MountPoints2: {28dcdc13-dfbb-11e0-a1ee-70f3952b74f7} - G:\setup.exe -a MountPoints2: {5966ca7c-fd0b-11e2-aeec-8b0cfd3ea3eb} - G:\VZW_Software_upgrade_assistant.exe MountPoints2: {73f42c51-5912-11e3-b8d2-c80aa99520dd} - G:\TL_Bootstrap.exe MountPoints2: {783e61f0-5940-11e3-ad28-c80aa99520dd} - G:\TL_Bootstrap.exe MountPoints2: {783e6249-5940-11e3-ad28-c80aa99520dd} - G:\TL_Bootstrap.exe MountPoints2: {9a408aac-248f-11e2-9652-70f3952b74f7} - G:\setup.exe -a HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {4C2ACFB5-CD27-4945-B090-7843A588BBDB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl SearchScopes: HKCU - {4C2ACFB5-CD27-4945-B090-7843A588BBDB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl SearchScopes: HKCU - {61C0665B-F355-4ECB-96A6-03B9FE8509AF} URL = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0AzyzyyDtBtD0D0D0FtDtAzytN0D0Tzu0CyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=218193065&ir= BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File C:\Users\Scott\jobq.dat C:\Users\Scott\AppData\Local\Temp\78503uninstall.exe C:\Users\Scott\AppData\Local\Temp\@TVSoftware.exe C:\Users\Scott\AppData\Local\Temp\handbrake-setup.exe C:\Users\Scott\AppData\Local\Temp\i4jdel0.exe C:\Users\Scott\AppData\Local\Temp\instmsia.exe C:\Users\Scott\AppData\Local\Temp\instmsiw.exe C:\Users\Scott\AppData\Local\Temp\ISSetup.dll C:\Users\Scott\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe C:\Users\Scott\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Scott\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Scott\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Scott\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Scott\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Scott\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe C:\Users\Scott\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe C:\Users\Scott\AppData\Local\Temp\Quarantine.exe C:\Users\Scott\AppData\Local\Temp\Setup.exe C:\Users\Scott\AppData\Local\Temp\Sqlite3.dll C:\Users\Scott\AppData\Local\Temp\WindowsInstaller-KB893803-x86.exe Task: {9A024779-7208-42C8-9584-659F7D05846C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.) Task: {A348336F-0901-446D-83F3-8C111D2FF7D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.) Task: {C842BE89-69CA-49A3-9ADD-05EBE666FE98} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe AlternateDataStreams: C:\Windows\SysWOW64\mswinsck32.ocx:rsrc AlternateDataStreams: C:\Users\Scott\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty ***************** HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_APR2013_AV => Value not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913a => Value not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28dcdc13-dfbb-11e0-a1ee-70f3952b74f7} => Key not found. HKCR\CLSID\{28dcdc13-dfbb-11e0-a1ee-70f3952b74f7} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5966ca7c-fd0b-11e2-aeec-8b0cfd3ea3eb} => Key not found. HKCR\CLSID\{5966ca7c-fd0b-11e2-aeec-8b0cfd3ea3eb} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73f42c51-5912-11e3-b8d2-c80aa99520dd} => Key not found. HKCR\CLSID\{73f42c51-5912-11e3-b8d2-c80aa99520dd} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783e61f0-5940-11e3-ad28-c80aa99520dd} => Key not found. HKCR\CLSID\{783e61f0-5940-11e3-ad28-c80aa99520dd} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783e6249-5940-11e3-ad28-c80aa99520dd} => Key not found. HKCR\CLSID\{783e6249-5940-11e3-ad28-c80aa99520dd} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a408aac-248f-11e2-9652-70f3952b74f7} => Key not found. HKCR\CLSID\{9a408aac-248f-11e2-9652-70f3952b74f7} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4C2ACFB5-CD27-4945-B090-7843A588BBDB} => Key not found. HKCR\Wow6432Node\CLSID\{4C2ACFB5-CD27-4945-B090-7843A588BBDB} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C2ACFB5-CD27-4945-B090-7843A588BBDB} => Key not found. HKCR\CLSID\{4C2ACFB5-CD27-4945-B090-7843A588BBDB} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{61C0665B-F355-4ECB-96A6-03B9FE8509AF} => Key not found. HKCR\CLSID\{61C0665B-F355-4ECB-96A6-03B9FE8509AF} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2 => Key not found. C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found. HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2 => Key not found. C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found. C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll not found. C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found. "C:\Users\Scott\jobq.dat" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\78503uninstall.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\@TVSoftware.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\handbrake-setup.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\i4jdel0.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\instmsia.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\instmsiw.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\ISSetup.dll" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\Quarantine.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\Setup.exe" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\Sqlite3.dll" => File/Directory not found. "C:\Users\Scott\AppData\Local\Temp\WindowsInstaller-KB893803-x86.exe" => File/Directory not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A024779-7208-42C8-9584-659F7D05846C} => Key not found. C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A348336F-0901-446D-83F3-8C111D2FF7D8} => Key not found. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C842BE89-69CA-49A3-9ADD-05EBE666FE98} => Key not found. C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA => Key not found. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job not found. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core.job not found. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA.job not found. "C:\Windows\SysWOW64\mswinsck32.ocx" => ":rsrc" ADS not found. "C:\Users\Scott\AppData\Roaming\Comma Separated Values (Windows).EML" => ":OECustomProperty" ADS not found. ==== End of Fixlog ====
- January 7, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

JavaRa 1.16 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Tue Jan 07 06:36:52 2014 Found and removed: C:\Program Files (x86)\Java\jre6Found and removed: Applications\java.exeFound and removed: Applications \javaw.exeFound and removed: CLSID\{CAFEEFAC-0013-0000-0003- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0000-0004- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0000-0005- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0000- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0001- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0001- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0002- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0002- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0003- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0003- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0004- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0004- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0005- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0005- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0006- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0006- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0007- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0007- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0008- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0008- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0009- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0009- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0010- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0010- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0011- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0011- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0012- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0012- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0013- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0013- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0014- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0014- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0015- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0015- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0016- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0016- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0017- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0017- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0018- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0018- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0019- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0019- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0020- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0020- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0021- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0021- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0000- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0000- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0001- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0001- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0002- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0002- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0003- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0003- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0004- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0004- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0000- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0000- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0001- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0001- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0002- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0002- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0003- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0003- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0004- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0004- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0005- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0005- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0006- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0006- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0007- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0007- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0000- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0000- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0001- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0001- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0002- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0002- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0003- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0003- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0004- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0004- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0005- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0005- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0006- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0006- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0007- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0007- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0008- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0008- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0009- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0009- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0010- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0010- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0011- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0011- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0012- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0012- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0013- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0013- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0014- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0014- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0015- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0015- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0016- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0016- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0017- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0017- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0018- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0018- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0019- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0019- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0020- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0020- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0021- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0021- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0022- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0022- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0023- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0023- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0024- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0024- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0025- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0025- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0026- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0026- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0027- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0027- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0028- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0028- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0029- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0029- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0030- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0030- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0031- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0031- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0032- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0032- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0033- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0033- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0034- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0034- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0035- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0035- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0036- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0036- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0037- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0037- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0038- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0038- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0031- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0031- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0031- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0032- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0032- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0032- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0033- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0033- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0033- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0034- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0034- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0034- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0035- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0035- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0035- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0036- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0036- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0036- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-FFFF- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-FFFF- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0023- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0023- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0023- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0024- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0024- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0024- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0025- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0025- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0025- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0026- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0026- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0026- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0027- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0027- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0027- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0028- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0028- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0028- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0029- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0029- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0029- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0030- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0030- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0031- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0031- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0032- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0032- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0033- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0033- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0034- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0034- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0035- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0035- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0036- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0036- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0037- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0037- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0038- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0038- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0000- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0000- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0000- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0001- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0001- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0001- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0002- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0002- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0002- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0003- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0003- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0003- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0004- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0004- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0004- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0005- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0005- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0005- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0006- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0006- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0006- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0007- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0007- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0007- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0008- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0008- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0008- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0009- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0009- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0009- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0010- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0010- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0010- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0011- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0011- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0011- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0012- ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0012- ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0012- ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-FFFF-FFFF-FFFF- ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC- 0016-0000-0030-ABCDEFFEDCBA}Found and removed: Software\Classes \CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0033- ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC- 0016-0000-0034-ABCDEFFEDCBA}Found and removed: Software\Classes \CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0037- ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC- 0016-0000-0038-ABCDEFFEDCBA}Found and removed: Software\Classes \CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}Found and removed: Software\JavaSoft\Java UpdateFound and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0013-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0013-0001-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0013-0001-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0013-0001-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0013-0001-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0013-0001-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0013-0001-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0013-0001-0014-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0013-0001-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0013-0001-0018-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0013-0001-0020-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0001-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0001-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0001-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0001-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0002-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0002-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0002-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0002-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0002-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0002-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0002-0013-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0002-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0002-0017-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0014-0002-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0015-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0015-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0015-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0015-0000-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0015-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0015-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0015-0000-0013-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0015-0000-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0015-0000-0017-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0015-0000-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0015-0000-0021-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0002-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003- ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0006-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007- ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0010-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011- ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0013-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0014-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015- ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0017-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0018-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019- ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0020-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0021-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0022-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023- ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0024-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0025-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0026-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027- ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0028-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0029-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0030-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031- ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0032-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0033-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0034-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035- ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0036-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0037-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0016-0000-0038-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000- ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0017-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0017-0000-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0017-0000-0003-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004- ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0017-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0017-0000-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0017-0000-0007-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008- ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0017-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010- ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0017-0000-0010-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011- ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- 0017-0000-0011-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes \CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012- ABCDEFFEDCBC}Found and removed: SOFTWARE\JavaSoft\Java Web Start \1.0.1Found and removed: SOFTWARE\JavaSoft\Java Web Start \1.0.1_02Found and removed: SOFTWARE\JavaSoft\Java Web Start \1.0.1_03Found and removed: SOFTWARE\JavaSoft\Java Web Start \1.0.1_04Found and removed: SOFTWARE\JavaSoft\Java Web Start \1.2Found and removed: SOFTWARE\JavaSoft\Java Web Start \1.2.0_01Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB- 11CF-AAA5-00401C608501}Found and removed: SOFTWARE\Classes\CLSID \{5852F5ED-8BF4-11D4-A245-0080C6F74284}Found and removed: SOFTWARE \Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}Found and removed: SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9- 00805F499D93}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC- DEC7-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes \CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}Found and removed: SOFTWARE\Classes\Installer\Features \F60730A4A66673047777F5728467D401Found and removed: SOFTWARE \Classes\Installer\Products\F60730A4A66673047777F5728467D401Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes \6C5ADB75C34456D42B338232391207FFFound and removed: SOFTWARE \Classes\Installer\UpgradeCodes \A5CCAAC40F5B69B47777ACF82566467CFound and removed: SOFTWARE \Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}Found and removed: SOFTWARE\Classes\MIME\Database\Content Type \application/java-deployment-toolkitFound and removed: SOFTWARE \Classes\MIME\Database\Content Type\application/x-java-appletFound and removed: SOFTWARE\Classes\MIME\Database\Content Type \application/x-java-jnlp-fileFound and removed: SOFTWARE\Classes \TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}Found and removed: SOFTWARE\Classes\.jarFound and removed: SOFTWARE\Classes\.jnlpFound and removed: SOFTWARE\Classes\jarfileFound and removed: SOFTWARE \Classes\JavaWebStart.isInstalledFound and removed: SOFTWARE \Classes\JavaWebStart.isInstalled.1.7.0.0Found and removed: SOFTWARE\Classes\JNLPFileFound and removed: SOFTWARE\Microsoft \Windows\CurrentVersion\App Paths\javaws.exeFound and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper ObjectsFound and removed: SOFTWARE\Microsoft\Windows \CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} Found and removed: SOFTWARE\JavaSoftFound and removed: SOFTWARE \JreMetricsFound and removed: SOFTWARE \MozillaPlugins------------------------------------Finished reporting.JavaRa 1.16 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Tue Jan 07 06:48:27 2014 Found and removed: Applications\java.exeFound and removed: Applications\javaw.exeFound and removed: CLSID\{CAFEEFAC-0014-0002 -0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0023-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0023-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0024-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0024-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0025-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0025-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0026-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0026-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0027-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0027-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0028-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0028-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0029-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0029-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0030-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0030-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0031-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0031-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0032-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0032-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0033-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0033-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0034-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0034-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0035-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0035-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0036-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0036-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0037-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0037-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0038-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002- 0038-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002- FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0000-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0001-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0002-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0003-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0004-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0005-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0006-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0007-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0008-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0009-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0010-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0011-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0012-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0013-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0014-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0015-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0016-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0017-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0018-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0019-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0020-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0021-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0022-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0023-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0023-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0023-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0024-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0024-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0024-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0025-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0025-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0025-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0026-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0026-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0026-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0027-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0027-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0027-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0028-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0028-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0028-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0029-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0029-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0029-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0030-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0030-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0030-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0031-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0031-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0031-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0032-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0032-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0032-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0033-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0033-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0033-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0034-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0034-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0034-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0035-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0035-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0035-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0036-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0036-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000- 0036-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000- FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000- FFFF-ABCDEFFEDCBA}Found and removed: SOFTWARE \MozillaPlugins------------------------------------Finished reporting.
- January 7, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014 Ran by Scott at 2014-01-06 21:55:49 Running from C:\Users\Scott\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated) Adobe Acrobat X Pro (x32 Version: 10.1.6 - Adobe Systems) Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden Adobe Digital Editions 2.0 (x32 Version: 2.0 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (x32 Version: 10.0.42.34 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader 9.4.6 MUI (x32 Version: 9.4.6 - Adobe Systems Incorporated) Adobe Shockwave Player (x32 Version: 11.5.1.601 - Adobe Systems, Inc.) AnyDVD (x32 Version: 7.3.9.0 - SlySoft) ATI Catalyst Install Manager (Version: 3.0.758.0 - ATI Technologies, Inc.) Audiograbber 1.83 SE (x32 Version: 1.83 SE - Audiograbber) AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden AVG 2013 (Version: 13.0.3658 - AVG Technologies) Hidden AVG 2013 (Version: 2013.0.3462 - AVG Technologies) Belkin @TV Software (x32 Version: 1.8.3.206 - Belkin) Belkin @TV Software (x32 Version: 1.8.3.206 - Belkin) Hidden Best Case Bankruptcy (x32 Version: 22 - Best Case Bankruptcy) BitRaider Web Client (x32 Version: 1.1.6.3 - BitRaider, LLC) Broadcom 2070 Bluetooth 2.1 + EDR (Version: 6.2.1.1100 - Broadcom Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help English (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help French (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help German (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden ccc-core-static (x32 Version: 2010.0122.858.16002 - ATI) Hidden ccc-utility64 (Version: 2010.0122.858.16002 - ATI) Hidden CDDRV_Installer (Version: 4.60 - Logitech) Hidden Citrix online plug-in - web (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Citrix online plug-in (DV) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden Citrix online plug-in (HDX) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden Citrix online plug-in (USB) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden Citrix online plug-in (Web) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden ESET Online Scanner v3 (x32 Version: - ) ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard) FamilySearch Indexing 3.17.3 (x32 Version: 3.17.3 - FamilySearch) Free YouTube Downloader 3.5.184 (x32 Version: - HOW Inc.) Google Chrome (HKCU Version: 31.0.1650.63 - Google Inc.) Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google) Google Talk Plugin (x32 Version: 4.9.1.16010 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden HandBrake 0.9.9.1 (x32 Version: 0.9.9.1 - ) HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden HP DVB-T TV Tuner 8.0.64.43 (x32 Version: 8.0.64.43 - ) HP SimplePass Identity Protection (Version: 5.00.140 - DigitalPersona, Inc.) HP Wireless Assistant (Version: 4.0.3.2 - Hewlett-Packard) IDT Audio (x32 Version: 1.0.6265.0 - IDT) Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation) Intel® Rapid Storage Technology (x32 Version: 9.5.4.1001 - Intel Corporation) Intel® Turbo Boost Technology Driver (x32 Version: 01.00.01.1002 - Intel Corporation) Internet TV for Windows Media Center (x32 Version: 4.2.2.0 - Microsoft Corporation) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java 6 Update 17 (64-bit) (Version: 6.0.170 - Sun Microsystems, Inc.) Jump Desktop (x32 Version: 3.3.3 - Phase Five Systems) Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden Logitech SetPoint (x32 Version: 4.80 - Logitech) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (x32 Version: - ) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Default Manager (x32 Version: 2.1.54.0 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (x32 Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) Netflix in Windows Media Center (x32 Version: 3.3.101.0 - Microsoft Corporation) NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) OggSync8 (x32 Version: 8.0.5 - ICOA Inc.) OverDrive Media Console (x32 Version: 3.2.20 - OverDrive, Inc.) Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation) Plex Home Theater (x32 Version: 1.0.7 - Plex inc) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime (x32 Version: 7.72.80.56 - Apple Inc.) Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.11.1127.2009 - Realtek) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.2512 - CyberLink Corp.) Hidden Replay Media Catcher 4 (Version: 4.1.1 - Applian Technologies) Replay Video Capture (x32 Version: 4.2 - Applian Technologies Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden ShowAnalyzerSuite (x32 Version: 1.0.59.783 - Dragon Global) Skype Toolbars (x32 Version: 5.3.7555 - Skype Technologies S.A.) Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.) SoundTaxi 4.3.8 (x32 Version: 4.3.8 - cyan soft ltd) SoundTaxi Media Suite 4.3.8 (x32 Version: 4.3.8 - cyan soft ltd) Star Wars: The Old Republic (x32 Version: 1.00 - Electronic Arts, Inc.) Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated) TuneGet 3.3.8 (x32 Version: 3.3.8 - cyan soft ltd) Unity Web Player (HKCU Version: - Unity Technologies ApS) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) uRex DVD Ripper Platinum (HKCU Version: - uRexsoft, Inc. All Rights Reserved.) uRex DVD Ripper Platinum (x32 Version: - uRexsoft, Inc. All Rights Reserved.) Validity Sensors DDK (Version: 4.1.129.0 - Validity Sensors, Inc.) Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies) WinDirStat 1.1.2 (HKCU Version: - ) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (Version: 12/16/2009 6.2.0.9414 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Driver Package - U.S. Robotics Corporation Model 5637 Voice Driver (01/28/2011 3.1.0.46) (Version: 01/28/2011 3.1.0.46 - U.S. Robotics Corporation) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation) Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Media Center Add-in for Flash (x32 Version: 4.1.2.0 - Microsoft Corporation) Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0 - Microsoft Corporation) Windows Media Encoder 9 Series (x32 Version: - ) Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp) WinX Bluray DVD iPhone Ripper 4.5.1 (x32 Version: - Digiarty Software,Inc.) WinX HD Video Converter Deluxe 3.12.1 (x32 Version: - Digiarty Software,Inc.) XviD MPEG-4 Video Codec (x32 Version: XviD-1.0-09052004 - XviD Team (Koepi)) ==================== Restore Points ========================= 03-01-2014 16:11:10 Windows Update 05-01-2014 04:12:04 Removed AVG 2013 05-01-2014 04:13:49 Removed AVG 2013 07-01-2014 01:42:53 Malwarebytes Anti-Rootkit Restore Point ==================== Hosts content: ========================== 2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {03D11EB0-38D6-4DAF-8038-8392CEDA8085} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe Task: {4EB3019B-5853-433C-AADF-0510D23D98EA} - System32\Tasks\{357D6AC3-E9F0-48F7-8170-EF999700B1C2} => C:\Program Files (x86)\Replay Media Catcher\MediaCatcher.exe Task: {60EC2B2F-6652-4FDA-9C66-42D2BE013B23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {62BFC646-BD92-4AF5-BA70-D2301E078975} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: {7C3A01F9-A8A4-403A-A9C0-5844D5F8F941} - System32\Tasks\{E3B77F80-4AF3-4FA1-8A34-F5C7DC216ECE} => C:\Program Files (x86)\Replay Media Catcher\MediaCatcher.exe Task: {9A024779-7208-42C8-9584-659F7D05846C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.) Task: {A348336F-0901-446D-83F3-8C111D2FF7D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.) Task: {C842BE89-69CA-49A3-9ADD-05EBE666FE98} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.) Task: {D018AF52-E104-42F2-BA96-E7480ACB078A} - System32\Tasks\{74DB4A69-529D-4AEE-8D3B-C6DC0C9B7475} => C:\Program Files (x86)\Replay Media Catcher\MediaCatcher.exe Task: {E800CA63-FD28-45A6-897C-F01F3E2A33AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.) Task: {F6B37A61-9E3C-427A-B702-BA3CD3C75E55} - System32\Tasks\{89776D4C-4D7E-4BC5-90A6-7A502FC654B7} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe ==================== Loaded Modules (whitelisted) ============= 2009-12-16 14:51 - 2009-12-16 14:51 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll 2009-12-16 14:51 - 2009-12-16 14:51 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll 2013-05-07 11:42 - 2013-05-07 11:42 - 02112040 _____ () C:\Program Files (x86)\Jump Desktop\JumpNetwork.dll 2013-12-05 11:45 - 2013-12-03 18:47 - 00702416 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll 2013-12-05 11:45 - 2013-12-03 18:47 - 00099792 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll 2013-12-05 11:45 - 2013-12-03 18:48 - 04055504 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll 2013-12-05 11:45 - 2013-12-03 18:48 - 00399312 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll 2013-12-05 11:45 - 2013-12-03 18:47 - 01619408 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows\SysWOW64\mswinsck32.ocx:rsrc AlternateDataStreams: C:\Users\Scott\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" ==================== Faulty Device Manager Devices ============= Name: HP Integrated Module with Bluetooth 2.1 Wireless Technology Description: HP Integrated Module with Bluetooth 2.1 Wireless Technology Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Motorola Flash Interface Description: Motorola Flash Interface Class Guid: {feb8d079-0681-11d4-9531-0060089abc08} Manufacturer: Motorola Inc Service: MotDev Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: Motorola Flash Interface Description: Motorola Flash Interface Class Guid: {feb8d079-0681-11d4-9531-0060089abc08} Manufacturer: Motorola Inc Service: MotDev Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: Android Composite ADB Interface Description: Android Composite ADB Interface Class Guid: {3f966bd9-fa04-4ec5-991c-d326973b5128} Manufacturer: Google, Inc. Service: WinUSB Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/06/2014 08:16:12 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/06/2014 08:13:13 PM) (Source: Application Error) (User: ) Description: Faulting application name: avgwdsvc.exe, version: 13.0.0.3456, time stamp: 0x528bf6a4 Faulting module name: avgwd.dll, version: 13.0.0.3456, time stamp: 0x528c07da Exception code: 0xc0000005 Fault offset: 0x000808f1 Faulting process id: 0x34c Faulting application start time: 0xavgwdsvc.exe0 Faulting application path: avgwdsvc.exe1 Faulting module path: avgwdsvc.exe2 Report Id: avgwdsvc.exe3 Error: (01/06/2014 07:58:25 PM) (Source: Application Error) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc000070a Fault offset: 0x000000000005cf99 Faulting process id: 0xb68 Faulting application start time: 0xExplorer.EXE0 Faulting application path: Explorer.EXE1 Faulting module path: Explorer.EXE2 Report Id: Explorer.EXE3 Error: (01/06/2014 07:45:41 PM) (Source: Application Error) (User: ) Description: Faulting application name: avgwdsvc.exe, version: 13.0.0.3456, time stamp: 0x528bf6a4 Faulting module name: avgwd.dll, version: 13.0.0.3456, time stamp: 0x528c07da Exception code: 0xc0000005 Fault offset: 0x000808f1 Faulting process id: 0x618 Faulting application start time: 0xavgwdsvc.exe0 Faulting application path: avgwdsvc.exe1 Faulting module path: avgwdsvc.exe2 Report Id: avgwdsvc.exe3 Error: (01/06/2014 05:46:17 PM) (Source: Application Error) (User: ) Description: Faulting application name: avgwdsvc.exe, version: 13.0.0.3456, time stamp: 0x528bf6a4 Faulting module name: avgwd.dll, version: 13.0.0.3456, time stamp: 0x528c07da Exception code: 0xc0000005 Fault offset: 0x000808f1 Faulting process id: 0x2f4 Faulting application start time: 0xavgwdsvc.exe0 Faulting application path: avgwdsvc.exe1 Faulting module path: avgwdsvc.exe2 Report Id: avgwdsvc.exe3 Error: (01/06/2014 04:58:51 PM) (Source: Application Error) (User: ) Description: Faulting application name: avgdiagex.exe, version: 13.0.0.3304, time stamp: 0x51539980 Faulting module name: avgduix.dll, version: 13.0.0.3211, time stamp: 0x5122e30b Exception code: 0xc0000005 Fault offset: 0x000527d9 Faulting process id: 0xb80 Faulting application start time: 0xavgdiagex.exe0 Faulting application path: avgdiagex.exe1 Faulting module path: avgdiagex.exe2 Report Id: avgdiagex.exe3 Error: (01/06/2014 04:58:48 PM) (Source: Application Error) (User: ) Description: Faulting application name: avgwdsvc.exe, version: 13.0.0.3456, time stamp: 0x528bf6a4 Faulting module name: avgwd.dll, version: 13.0.0.3456, time stamp: 0x528c07da Exception code: 0xc0000005 Fault offset: 0x000808f1 Faulting process id: 0x74c Faulting application start time: 0xavgwdsvc.exe0 Faulting application path: avgwdsvc.exe1 Faulting module path: avgwdsvc.exe2 Report Id: avgwdsvc.exe3 Error: (01/06/2014 00:31:27 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/06/2014 00:31:24 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (01/06/2014 00:30:07 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. System errors: ============= Error: (01/06/2014 08:30:01 PM) (Source: Microsoft Antimalware) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.1114.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/06/2014 08:17:11 PM) (Source: Service Control Manager) (User: ) Description: The HP Health Check Service service failed to start due to the following error: %%2 Error: (01/06/2014 08:15:10 PM) (Source: Service Control Manager) (User: ) Description: The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). Error: (01/06/2014 08:15:10 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: Avgldx64 Error: (01/06/2014 08:12:53 PM) (Source: Service Control Manager) (User: ) Description: The AVGIDSAgent service terminated with service-specific error %%-536753637. Error: (01/06/2014 07:59:52 PM) (Source: Microsoft Antimalware) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.1114.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/06/2014 07:48:13 PM) (Source: Service Control Manager) (User: ) Description: The HP Health Check Service service failed to start due to the following error: %%2 Error: (01/06/2014 07:46:10 PM) (Source: Service Control Manager) (User: ) Description: The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). Error: (01/06/2014 07:46:10 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: Avgldx64 Error: (01/06/2014 07:45:23 PM) (Source: Service Control Manager) (User: ) Description: The AVGIDSAgent service terminated with service-specific error %%-536753637. Microsoft Office Sessions: ========================= Error: (01/06/2014 08:16:12 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Scott\Downloads\esetsmartinstaller_enu.exe Error: (01/06/2014 08:13:13 PM) (Source: Application Error)(User: ) Description: avgwdsvc.exe13.0.0.3456528bf6a4avgwd.dll13.0.0.3456528c07dac0000005000808f134c01cf0b5ebc47b32cC:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeC:\Program Files (x86)\AVG\AVG2013\avgwd.dll05fa114f-7752-11e3-afe9-c80aa99520dd Error: (01/06/2014 07:58:25 PM) (Source: Application Error)(User: ) Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000070a000000000005cf99b6801cf0b5aec10632eC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllf4915071-774f-11e3-be17-c80aa99520dd Error: (01/06/2014 07:45:41 PM) (Source: Application Error)(User: ) Description: avgwdsvc.exe13.0.0.3456528bf6a4avgwd.dll13.0.0.3456528c07dac0000005000808f161801cf0b5ae48673d5C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeC:\Program Files (x86)\AVG\AVG2013\avgwd.dll2dae3582-774e-11e3-be17-c80aa99520dd Error: (01/06/2014 05:46:17 PM) (Source: Application Error)(User: ) Description: avgwdsvc.exe13.0.0.3456528bf6a4avgwd.dll13.0.0.3456528c07dac0000005000808f12f401cf0b4a30a60145C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeC:\Program Files (x86)\AVG\AVG2013\avgwd.dll7f3adce5-773d-11e3-9380-c80aa99520dd Error: (01/06/2014 04:58:51 PM) (Source: Application Error)(User: ) Description: avgdiagex.exe13.0.0.330451539980avgduix.dll13.0.0.32115122e30bc0000005000527d9b8001cf0b439705d279C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exeC:\Program Files (x86)\AVG\AVG2013\avgduix.dlldef0802a-7736-11e3-a369-c80aa99520dd Error: (01/06/2014 04:58:48 PM) (Source: Application Error)(User: ) Description: avgwdsvc.exe13.0.0.3456528bf6a4avgwd.dll13.0.0.3456528c07dac0000005000808f174c01cf0b438dad8b85C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeC:\Program Files (x86)\AVG\AVG2013\avgwd.dlldd1b9114-7736-11e3-a369-c80aa99520dd Error: (01/06/2014 00:31:27 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Belkin\@TV\Setup Wizard\SetupWizard.exe Error: (01/06/2014 00:31:24 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (01/06/2014 00:30:07 AM) (Source: SideBySide)(User: ) Description: C:\Users\Scott\AppData\OggSync8\adxloader.dll.ManifestC:\Users\Scott\AppData\OggSync8\adxloader.dll.Manifest2 CodeIntegrity Errors: =================================== Date: 2013-12-29 05:56:54.011 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-29 05:56:53.901 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-29 05:56:53.791 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-29 05:56:53.691 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-29 05:56:53.571 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-29 05:56:53.451 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-29 05:56:53.351 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-29 05:56:53.241 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-29 05:18:37.585 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-29 05:18:37.476 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 48% Total physical RAM: 5941.86 MB Available physical RAM: 3083.88 MB Total Pagefile: 11883.72 MB Available Pagefile: 8844.54 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:442.72 GB) (Free:306.41 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:22.74 GB) (Free:3.32 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 4CB80527) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=443 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=23 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================
- January 7, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014Ran by Scott (administrator) on RIVENDELL on 06-01-2014 21:54:56Running from C:\Users\Scott\DownloadsWindows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\stacsv64.exe(Hewlett-Packard) C:\Windows\System32\hpservice.exe(AMD) C:\Windows\System32\atieclxx.exe(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Monsoon Multimedia Inc.) C:\Program Files (x86)\Belkin\@TV\Common\havasvc.exe(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe(Dragon Global) C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe(Google Inc.) C:\Users\Scott\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe(Google Inc.) C:\Users\Scott\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\taskmgr.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-13] (IDT, Inc.)HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-02-28] (Sun Microsystems, Inc.)HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-12-16] (Hewlett-Packard)HKLM\...\Run: [bluetooth Connection Assistant] - LBTWIZ.EXE -silentHKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [130576 2009-06-17] (Logitech, Inc.)HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeHKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)HKCU\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exeHKCU\...\Run: [Google Update] - C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-07] (Google Inc.)HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1264360 2012-12-18] (Adobe Systems Incorporated)HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [93096 2013-12-27] (SlySoft, Inc.)HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exeHKCU\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostartHKCU\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\Scott\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 4ced2b23a9cd47d0814fa1bad3cf9d04-bd9abf57d5c6eecffec5926f541664f5b0b9becf --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013HKCU\...\Run: [Jump Desktop] - C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe [469032 2013-05-07] (Phase Five Systems)HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Scott\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 4ced2b23a9cd47d0814fa1bad3cf9d04-bd9abf57d5c6eecffec5926f541664f5b0b9becf --CMPID 0913aMountPoints2: {28dcdc13-dfbb-11e0-a1ee-70f3952b74f7} - G:\setup.exe -aMountPoints2: {5966ca7c-fd0b-11e2-aeec-8b0cfd3ea3eb} - G:\VZW_Software_upgrade_assistant.exeMountPoints2: {73f42c51-5912-11e3-b8d2-c80aa99520dd} - G:\TL_Bootstrap.exeMountPoints2: {783e61f0-5940-11e3-ad28-c80aa99520dd} - G:\TL_Bootstrap.exeMountPoints2: {783e6249-5940-11e3-ad28-c80aa99520dd} - G:\TL_Bootstrap.exeMountPoints2: {9a408aac-248f-11e2-9652-70f3952b74f7} - G:\setup.exe -aHKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exeHKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exeHKU\Guest\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exeHKU\Roxanne\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exeHKU\Roxanne\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7695272 2013-12-27] (SlySoft, Inc.)HKU\Roxanne\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)HKU\Xander\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exeHKU\Xander\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)Lsa: [Notification Packages] DPPassFilter scecliBootExecute: autocheck autochk * /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {4C2ACFB5-CD27-4945-B090-7843A588BBDB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushplSearchScopes: HKCU - {4C2ACFB5-CD27-4945-B090-7843A588BBDB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushplSearchScopes: HKCU - {61C0665B-F355-4ECB-96A6-03B9FE8509AF} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0AzyzyyDtBtD0D0D0FtDtAzytN0D0Tzu0CyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=218193065&ir=BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No FileBHO: HP SimplePass Identity Protection Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: HP SimplePass Identity Protection Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No FileHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No FileHandler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No FileHandler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No FileFilter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No FileFilter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.defaultFF Keyword.URL: user_pref("keyword.URL", "");FF NetworkProxy: "type", 0FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Scott\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Scott\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\facebook.xmlFF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\google-maps.xmlFF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\hulu.xmlFF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\imdb.xmlFF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\webster.xmlFF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\wikipedia-eng.xmlFF Extension: NoScript - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpiFF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn Chrome: =======CHR DefaultSearchProvider: Google.comCHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR DefaultNewTabURL: CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No FileCHR Plugin: (AVG Internet Security) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No FileCHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)CHR Plugin: (Google Talk Plugin) - C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No FileCHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Extension: (Angry Birds) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_9CHR Extension: (Email this page (by Google)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_9CHR Extension: (PDFescape Free PDF Editor) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdefoklganepljiopdnglodohlgfikkl\0.21_0CHR Extension: (NotScripts for Chrome OS) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggelcmlddhfancdnejmjpjifkdohobkd\0.9.6.2_0CHR Extension: (Google Voice (by Google)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.4_0CHR Extension: (Pocket Legends) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp\2.0.0.0_1CHR Extension: (Plants vs Zombies) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0CHR Extension: (Google Wallet) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0CHR Extension: (Better Pop Up Blocker) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6CHR Extension: (NotScripts) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0CHR StartMenuInternet: Google Chrome - C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-08-15] (BitRaider, LLC)S3 GSService; C:\Windows\SysWOW64\GSService.exe [252928 2012-05-31] ()R2 havasvc; C:\Program Files (x86)\Belkin\@TV\Common\havasvc.exe [150224 2012-12-27] (Monsoon Multimedia Inc.)R2 JumpDesktop; C:\Program Files (x86)\Jump Desktop\JumpService.exe [7680 2013-05-07] (Phase Five Systems)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)R2 ShowAnalyzerMaster; C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [2074112 2010-02-08] (Dragon Global)S3 SMServer; C:\Windows\SysWOW64\snmvtsvc.exe [260608 2012-06-01] (SMServer)R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe [244736 2010-01-13] (IDT, Inc.)S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x] ==================== Drivers (Whitelisted) ==================== R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)R3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2010-06-24] (Applian Technologies Inc.)R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2010-06-24] (Applian Technologies Inc.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [74024 2013-06-05] (BitRaider)R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2010-01-29] (DeviceVM, Inc.)R3 havabus; C:\Windows\System32\DRIVERS\havabus.sys [45056 2012-12-27] (Monsoon Multimedia Inc.)R3 HAVATV; C:\Windows\System32\DRIVERS\HAVATV.sys [189568 2012-12-27] (Monsoon Multimedia Inc.)R3 HavaTV_10; C:\Windows\System32\DRIVERS\HavaTV_10.sys [189568 2012-12-27] (Monsoon Multimedia Inc.)S3 hcw72ADFilter; C:\Windows\System32\DRIVERS\hcw72ADFilter.sys [38912 2009-10-09] (Hauppauge Computer Works, Inc.)S3 hcw72ATV; C:\Windows\System32\DRIVERS\hcw72ATV.sys [1627520 2009-10-09] (Hauppauge Computer Works, Inc.)S3 hcw72DTV; C:\Windows\System32\DRIVERS\hcw72DTV.sys [1630080 2009-10-09] (Hauppauge Computer Works, Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34088 2012-06-05] (Windows ® Win 7 DDK provider)S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]S3 motandroidusb; System32\Drivers\motoandroid.sys [x]S3 motccgp; system32\DRIVERS\motccgp.sys [x]S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]S3 MotDev; system32\DRIVERS\motodrv.sys [x]S3 motmodem; system32\DRIVERS\motmodem.sys [x]S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]S3 tsusbhub; system32\drivers\tsusbhub.sys [x]S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-06 21:54 - 2014-01-06 21:55 - 00029932 _____ C:\Users\Scott\Downloads\FRST.txt2014-01-06 21:54 - 2014-01-06 21:54 - 01931762 _____ (Farbar) C:\Users\Scott\Downloads\FRST64.exe2014-01-06 21:54 - 2014-01-06 21:54 - 00000000 ____D C:\FRST2014-01-06 21:52 - 2014-01-06 21:52 - 00000292 _____ C:\Users\Scott\Desktop\eset.txt2014-01-06 20:16 - 2014-01-06 20:16 - 00000000 ____D C:\Program Files (x86)\ESET2014-01-06 20:15 - 2014-01-06 20:15 - 02347384 _____ (ESET) C:\Users\Scott\Downloads\esetsmartinstaller_enu.exe2014-01-06 19:47 - 2014-01-06 19:47 - 00014446 _____ C:\Users\Scott\Desktop\AdwCleaner[s0].txt2014-01-06 19:36 - 2014-01-06 19:36 - 01233962 _____ C:\Users\Scott\Downloads\AdwCleaner (1).exe2014-01-06 19:31 - 2014-01-06 19:32 - 00002372 _____ C:\Users\Scott\Desktop\Rkill.txt2014-01-06 19:31 - 2014-01-06 19:31 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Scott\Downloads\rkill.exe2014-01-06 19:31 - 2014-01-06 19:31 - 00000000 ____D C:\Users\Scott\Desktop\rkill2014-01-06 19:04 - 2014-01-06 19:29 - 01036305 _____ (Thisisu) C:\Users\Scott\Desktop\JRT.exe2014-01-06 17:05 - 2014-01-06 18:58 - 00000000 ____D C:\Users\Scott\Desktop\mbar2014-01-06 17:05 - 2014-01-06 17:48 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-01-06 17:04 - 2014-01-06 17:04 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Scott\Downloads\mbar-1.07.0.1008.exe2014-01-06 17:02 - 2014-01-06 17:02 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-01-06 17:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-01-06 17:01 - 2014-01-06 17:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Scott\Downloads\mbam-setup-1.75.0.1300.exe2014-01-06 16:46 - 2014-01-06 16:46 - 00000000 ____D C:\ProgramData\Recovery2014-01-03 19:57 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Pefeubxe2014-01-03 19:43 - 2014-01-06 17:43 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Kouvywaf2014-01-03 19:34 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Lufuduov2014-01-03 19:12 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Gyepky2014-01-03 18:39 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Migeed2014-01-03 17:58 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Awitryu2014-01-03 17:57 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Byipowyr2014-01-03 17:54 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Awukzo2014-01-03 17:51 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Fiolvuoh2014-01-03 17:48 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ryqyinn2014-01-03 17:44 - 2014-01-03 17:44 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Malwarebytes2014-01-03 17:43 - 2014-01-06 17:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-01-03 17:43 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Deagampa2014-01-03 17:43 - 2014-01-03 17:43 - 00000000 ____D C:\ProgramData\Malwarebytes2014-01-03 17:42 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Kaxygeo2014-01-03 17:38 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Umamuke2014-01-03 17:35 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Yqyksysy2014-01-03 17:32 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ixirdo2014-01-03 17:30 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Worikuy2014-01-03 17:27 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ebkuadiv2014-01-03 17:25 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Iqarfypa2014-01-03 17:25 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Fizoydis2014-01-03 17:23 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Appuuwa2014-01-03 17:22 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Umhoiv2014-01-03 17:19 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Epolvywa2014-01-03 17:17 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Yntyyti2014-01-03 17:17 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Atzyyq2014-01-03 17:14 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ofdobo2014-01-03 17:11 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Qiazpepi2014-01-03 17:09 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ohehfua2014-01-03 17:06 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Pyuboc2014-01-03 15:53 - 2014-01-03 15:57 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ekivavpy2014-01-03 11:26 - 2014-01-03 11:26 - 00012326 _____ C:\Users\Scott\AppData\Local\ftahroxe2014-01-03 11:25 - 2014-01-03 11:25 - 00067992 _____ C:\Users\Scott\AppData\Local\mmgootcb2014-01-03 11:24 - 2014-01-03 11:24 - 00000000 _____ C:\Users\Scott\AppData\Roaming\SharedSettings.ccs2014-01-01 16:17 - 2014-01-01 16:17 - 548713398 _____ C:\Windows\MEMORY.DMP2014-01-01 16:17 - 2014-01-01 16:17 - 01370592 _____ C:\Windows\Minidump\010114-39031-01.dmp2013-12-30 19:45 - 2013-12-30 19:45 - 00000000 ____D C:\Windows\Sun2013-12-30 10:21 - 2013-12-30 10:21 - 00709934 _____ C:\Users\Scott\Downloads\smsfromlucasdeleon7026281155 (1).zip2013-12-30 10:04 - 2013-12-30 10:05 - 00000022 _____ C:\Users\Scott\Downloads\smsfromlucasdeleon7026281155.zip2013-12-29 17:47 - 2013-12-29 17:47 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Plex Home Theater2013-12-29 17:47 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll2013-12-29 17:46 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll2013-12-29 17:45 - 2014-01-06 16:52 - 00000000 ____D C:\ProgramData\Package Cache2013-12-29 17:44 - 2014-01-06 16:52 - 00000000 ____D C:\Program Files (x86)\Plex Home Theater2013-12-29 17:42 - 2013-12-29 17:43 - 60419104 _____ C:\Users\Scott\Downloads\PlexHomeTheater-1.0.7.169-303ab8cc-windows-x86.exe2013-12-28 17:36 - 2013-12-28 17:36 - 00005051 _____ C:\Users\Scott\Downloads\ScorchTrials-56047.odm2013-12-28 17:25 - 2013-12-28 17:25 - 00004950 _____ C:\Users\Scott\Downloads\BreakingDawn9780739367704.odm2013-12-28 17:25 - 2013-12-28 17:25 - 00004850 _____ C:\Users\Scott\Downloads\Eclipse9780739361009.odm2013-12-28 16:52 - 2014-01-06 19:43 - 00000000 ____D C:\AdwCleaner2013-12-28 16:51 - 2013-12-28 16:51 - 01233962 _____ C:\Users\Scott\Downloads\adwcleaner.exe2013-12-27 19:55 - 2014-01-06 16:52 - 00000000 ____D C:\Program Files (x86)\Free YouTube Downloader2013-12-27 14:44 - 2013-12-27 14:44 - 10558760 _____ C:\Users\Scott\Downloads\SetupAnyDVD7390.exe2013-12-26 22:27 - 2013-12-26 22:27 - 00011953 _____ C:\Users\Scott\Downloads\national_expense_standards.xlsx2013-12-26 22:27 - 2013-12-26 22:27 - 00009388 _____ C:\Users\Scott\Downloads\national_oop_healthcare.xlsx2013-12-23 22:59 - 2013-12-23 22:59 - 00000000 ____D C:\Users\Scott\AppData\Local\Blizzard Entertainment2013-12-23 18:47 - 2014-01-06 16:52 - 00000000 ____D C:\ProgramData\Battle.net2013-12-23 18:47 - 2013-12-25 19:09 - 00000000 ____D C:\Program Files (x86)\World of Warcraft2013-12-23 18:46 - 2013-12-23 18:46 - 83293072 _____ (Blizzard Entertainment) C:\Users\Scott\Downloads\World-of-Warcraft-Setup-enUS (1).exe2013-12-23 18:43 - 2013-12-23 18:43 - 83293072 _____ (Blizzard Entertainment) C:\Users\Scott\Downloads\World-of-Warcraft-Setup-enUS.exe2013-12-21 21:15 - 2014-01-06 16:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-12-21 15:37 - 2013-12-21 15:37 - 00006774 _____ C:\Users\Scott\Downloads\HarryPotterandtheChamberofSecretsUS.odm2013-12-21 15:33 - 2013-12-21 15:33 - 00009161 _____ C:\Users\Scott\Downloads\MemoryofLight.odm2013-12-21 15:33 - 2013-12-21 15:33 - 00006483 _____ C:\Users\Scott\Downloads\EyeoftheWorldWheelofTimeSeriesBook01-56627.odm2013-12-21 15:29 - 2013-12-21 15:29 - 00004730 _____ C:\Users\Scott\Downloads\NewMoon0739348302.odm2013-12-21 15:27 - 2013-12-21 15:27 - 00003491 _____ C:\Users\Scott\Downloads\Hobbit9781405629423.odm2013-12-18 19:14 - 2013-12-18 19:14 - 00005627 _____ C:\Users\Scott\Downloads\LostGate9781441771674.odm2013-12-15 07:16 - 2013-12-15 07:16 - 00005182 _____ C:\Users\Scott\Downloads\0743572769-1495.odm2013-12-11 16:41 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll2013-12-11 16:41 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL2013-12-11 16:41 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL2013-12-11 16:41 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll2013-12-11 16:39 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-12-11 16:39 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-12-11 16:39 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2013-12-11 16:39 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-12-11 16:39 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-12-11 16:39 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2013-12-11 16:39 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-12-11 16:39 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-12-11 16:39 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-12-11 16:39 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-12-11 16:39 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-12-11 16:39 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2013-12-11 16:39 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2013-12-11 16:39 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2013-12-11 16:39 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2013-12-11 16:39 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-12-11 16:39 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-12-11 16:39 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-12-11 16:39 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-12-11 16:39 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2013-12-11 16:39 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-12-11 16:39 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2013-12-11 16:39 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-12-11 16:39 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-12-11 16:39 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-12-11 16:39 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-12-11 16:39 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-12-11 16:39 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2013-12-11 16:39 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-12-11 16:39 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-12-11 16:39 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-12-11 13:36 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2013-12-11 13:36 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll2013-12-11 13:36 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2013-12-11 13:36 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2013-12-11 13:36 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll2013-12-11 13:36 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll2013-12-11 13:36 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2013-12-11 13:36 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll2013-12-11 13:36 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll2013-12-11 13:35 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx2013-12-11 13:35 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll2013-12-11 13:35 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx2013-12-11 13:35 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll2013-12-11 13:35 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe2013-12-11 13:35 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe2013-12-11 13:35 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe2013-12-11 13:35 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe2013-12-11 13:35 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys2013-12-11 13:35 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys ==================== One Month Modified Files and Folders ======= 2014-01-06 21:55 - 2014-01-06 21:54 - 00029932 _____ C:\Users\Scott\Downloads\FRST.txt2014-01-06 21:54 - 2014-01-06 21:54 - 01931762 _____ (Farbar) C:\Users\Scott\Downloads\FRST64.exe2014-01-06 21:54 - 2014-01-06 21:54 - 00000000 ____D C:\FRST2014-01-06 21:54 - 2010-05-18 01:44 - 02048184 _____ C:\Windows\WindowsUpdate.log2014-01-06 21:53 - 2010-08-07 19:21 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-01-06 21:52 - 2014-01-06 21:52 - 00000292 _____ C:\Users\Scott\Desktop\eset.txt2014-01-06 21:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing2014-01-06 21:47 - 2010-08-07 18:08 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA.job2014-01-06 21:45 - 2012-04-12 19:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2014-01-06 20:22 - 2009-07-13 20:45 - 00028384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-01-06 20:22 - 2009-07-13 20:45 - 00028384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-01-06 20:16 - 2014-01-06 20:16 - 00000000 ____D C:\Program Files (x86)\ESET2014-01-06 20:15 - 2014-01-06 20:15 - 02347384 _____ (ESET) C:\Users\Scott\Downloads\esetsmartinstaller_enu.exe2014-01-06 20:13 - 2010-08-07 19:21 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-01-06 20:12 - 2012-08-20 18:04 - 00048054 _____ C:\Windows\PFRO.log2014-01-06 20:12 - 2012-07-29 06:40 - 00062955 _____ C:\Windows\setupact.log2014-01-06 20:12 - 2010-06-16 10:15 - 00065536 _____ C:\Windows\system32\Ikeext.etl2014-01-06 20:12 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2014-01-06 20:00 - 2010-06-09 20:38 - 00000000 ___HD C:\Users\Scott\AppData\Local\CrashDumps2014-01-06 19:47 - 2014-01-06 19:47 - 00014446 _____ C:\Users\Scott\Desktop\AdwCleaner[s0].txt2014-01-06 19:43 - 2013-12-28 16:52 - 00000000 ____D C:\AdwCleaner2014-01-06 19:36 - 2014-01-06 19:36 - 01233962 _____ C:\Users\Scott\Downloads\AdwCleaner (1).exe2014-01-06 19:32 - 2014-01-06 19:31 - 00002372 _____ C:\Users\Scott\Desktop\Rkill.txt2014-01-06 19:31 - 2014-01-06 19:31 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Scott\Downloads\rkill.exe2014-01-06 19:31 - 2014-01-06 19:31 - 00000000 ____D C:\Users\Scott\Desktop\rkill2014-01-06 19:29 - 2014-01-06 19:04 - 01036305 _____ (Thisisu) C:\Users\Scott\Desktop\JRT.exe2014-01-06 18:58 - 2014-01-06 17:05 - 00000000 ____D C:\Users\Scott\Desktop\mbar2014-01-06 17:53 - 2010-11-03 05:20 - 00389724 _____ C:\Windows\system32\prfh0804.dat2014-01-06 17:53 - 2010-11-03 05:20 - 00124356 _____ C:\Windows\system32\prfc0804.dat2014-01-06 17:53 - 2010-11-03 05:14 - 00423534 _____ C:\Windows\system32\perfh011.dat2014-01-06 17:53 - 2010-11-03 05:14 - 00126496 _____ C:\Windows\system32\perfc011.dat2014-01-06 17:53 - 2009-07-13 21:13 - 01844102 _____ C:\Windows\system32\PerfStringBackup.INI2014-01-06 17:48 - 2014-01-06 17:05 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-01-06 17:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\TAPI2014-01-06 17:43 - 2014-01-03 19:43 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Kouvywaf2014-01-06 17:04 - 2014-01-06 17:04 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Scott\Downloads\mbar-1.07.0.1008.exe2014-01-06 17:02 - 2014-01-06 17:02 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-01-06 17:02 - 2014-01-03 17:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-01-06 17:01 - 2014-01-06 17:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Scott\Downloads\mbam-setup-1.75.0.1300.exe2014-01-06 16:58 - 2012-12-16 07:50 - 00000000 ____D C:\Users\Scott\AppData\Local\Avg20132014-01-06 16:58 - 2010-06-08 16:59 - 00000000 ___HD C:\Users\Scott2014-01-06 16:56 - 2012-10-14 05:52 - 00000000 ____D C:\Users\Xander2014-01-06 16:56 - 2010-07-27 09:27 - 00000000 ____D C:\Users\Guest2014-01-06 16:56 - 2010-06-21 06:28 - 00000000 ____D C:\Users\Roxanne2014-01-06 16:56 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar2014-01-06 16:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing2014-01-06 16:55 - 2012-12-16 07:59 - 00000000 ____D C:\ProgramData\AVG20132014-01-06 16:55 - 2012-03-26 18:46 - 00000000 ____D C:\ProgramData\MFAData2014-01-06 16:55 - 2010-06-08 21:13 - 00000000 ____D C:\BestCase2014-01-06 16:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat2014-01-06 16:54 - 2014-01-03 19:57 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Pefeubxe2014-01-06 16:54 - 2014-01-03 19:34 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Lufuduov2014-01-06 16:54 - 2014-01-03 19:12 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Gyepky2014-01-06 16:54 - 2014-01-03 18:39 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Migeed2014-01-06 16:54 - 2014-01-03 17:48 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ryqyinn2014-01-06 16:54 - 2014-01-03 17:25 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Iqarfypa2014-01-06 16:54 - 2014-01-03 17:23 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Appuuwa2014-01-06 16:54 - 2014-01-03 17:17 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Yntyyti2014-01-06 16:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration2014-01-06 16:52 - 2013-12-29 17:45 - 00000000 ____D C:\ProgramData\Package Cache2014-01-06 16:52 - 2013-12-29 17:44 - 00000000 ____D C:\Program Files (x86)\Plex Home Theater2014-01-06 16:52 - 2013-12-27 19:55 - 00000000 ____D C:\Program Files (x86)\Free YouTube Downloader2014-01-06 16:52 - 2013-12-23 18:47 - 00000000 ____D C:\ProgramData\Battle.net2014-01-06 16:52 - 2013-12-21 21:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2014-01-06 16:52 - 2013-11-29 14:09 - 00000000 ____D C:\Users\Roxanne\AppData\Roaming\LG Electronics2014-01-06 16:52 - 2013-10-13 09:21 - 00000000 ____D C:\Users\Roxanne\AppData\Roaming\AVG20132014-01-06 16:52 - 2013-10-13 09:20 - 00000000 ____D C:\Users\Roxanne\AppData\Roaming\Motorola2014-01-06 16:52 - 2013-09-02 08:37 - 00000000 ____D C:\Program Files\Windows Live2014-01-06 16:52 - 2013-08-15 12:39 - 00000000 ____D C:\Users\Scott\Documents\Fax2014-01-06 16:52 - 2013-06-05 18:04 - 00000000 ____D C:\Users\Scott\Documents\My Games2014-01-06 16:52 - 2013-06-05 17:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation2014-01-06 16:52 - 2013-04-29 18:14 - 00000000 ____D C:\Users\Scott\AppData\Local\IR2014-01-06 16:52 - 2013-04-29 18:12 - 00000000 ____D C:\Program Files (x86)\Belkin2014-01-06 16:52 - 2013-04-07 12:57 - 00000000 ____D C:\Users\Scott\AppData\Local\SWTOR2014-01-06 16:52 - 2013-04-07 11:11 - 00000000 ____D C:\Users\Scott\Downloads\swtor2014-01-06 16:52 - 2013-03-24 18:21 - 00000000 ____D C:\Program Files (x86)\FamilySearch Indexing2014-01-06 16:52 - 2013-03-12 13:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight2014-01-06 16:52 - 2013-03-12 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2014-01-06 16:52 - 2013-02-08 19:53 - 00000000 ____D C:\Users\Xander\AppData\Roaming\AVG20132014-01-06 16:52 - 2012-10-14 05:59 - 00000000 ____D C:\Users\Xander\AppData\Roaming\.minecraft2014-01-06 16:52 - 2012-10-14 05:54 - 00000000 ____D C:\Users\Xander\AppData\Roaming\Mozilla2014-01-06 16:52 - 2012-10-14 05:54 - 00000000 ____D C:\Users\Xander\AppData\Local\Mozilla2014-01-06 16:52 - 2012-10-14 05:52 - 00000000 ___RD C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-01-06 16:52 - 2012-10-14 05:52 - 00000000 ____D C:\Users\Xander\AppData\Roaming\Motorola2014-01-06 16:52 - 2012-10-14 05:52 - 00000000 ____D C:\Users\Xander\AppData\Roaming\DigitalPersona2014-01-06 16:52 - 2010-02-28 09:18 - 00000000 __RHD C:\MSOCache2014-01-06 16:46 - 2014-01-06 16:46 - 00000000 ____D C:\ProgramData\Recovery2014-01-04 20:13 - 2012-03-26 18:50 - 00000000 ___HD C:\$AVG2014-01-04 19:43 - 2012-08-23 06:24 - 00009330 _____ C:\Users\Scott\AppData\Roaming\Comma Separated Values (Windows).EML2014-01-03 21:35 - 2010-10-31 19:18 - 00000000 ____D C:\Users\Scott\Documents\Outlook Files2014-01-03 18:27 - 2014-01-03 17:58 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Awitryu2014-01-03 18:27 - 2014-01-03 17:57 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Byipowyr2014-01-03 18:27 - 2014-01-03 17:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Awukzo2014-01-03 18:27 - 2014-01-03 17:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Fiolvuoh2014-01-03 18:27 - 2014-01-03 17:43 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Deagampa2014-01-03 18:27 - 2014-01-03 17:42 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Kaxygeo2014-01-03 18:27 - 2014-01-03 17:38 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Umamuke2014-01-03 18:27 - 2014-01-03 17:35 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Yqyksysy2014-01-03 18:27 - 2014-01-03 17:32 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ixirdo2014-01-03 18:27 - 2014-01-03 17:30 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Worikuy2014-01-03 18:27 - 2014-01-03 17:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ebkuadiv2014-01-03 18:27 - 2014-01-03 17:25 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Fizoydis2014-01-03 18:27 - 2014-01-03 17:22 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Umhoiv2014-01-03 18:27 - 2014-01-03 17:19 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Epolvywa2014-01-03 18:27 - 2014-01-03 17:17 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Atzyyq2014-01-03 18:27 - 2014-01-03 17:14 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ofdobo2014-01-03 18:27 - 2014-01-03 17:11 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Qiazpepi2014-01-03 18:27 - 2014-01-03 17:09 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ohehfua2014-01-03 18:27 - 2014-01-03 17:06 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Pyuboc2014-01-03 17:44 - 2014-01-03 17:44 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Malwarebytes2014-01-03 17:43 - 2014-01-03 17:43 - 00000000 ____D C:\ProgramData\Malwarebytes2014-01-03 16:43 - 2010-06-09 07:53 - 00000000 ____D C:\Users\Scott\Documents\BK2014-01-03 15:57 - 2014-01-03 15:53 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ekivavpy2014-01-03 11:35 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\system32\FxsTmp2014-01-03 11:26 - 2014-01-03 11:26 - 00012326 _____ C:\Users\Scott\AppData\Local\ftahroxe2014-01-03 11:25 - 2014-01-03 11:25 - 00067992 _____ C:\Users\Scott\AppData\Local\mmgootcb2014-01-03 11:24 - 2014-01-03 11:24 - 00000000 _____ C:\Users\Scott\AppData\Roaming\SharedSettings.ccs2014-01-03 07:47 - 2010-08-07 18:08 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core.job2014-01-02 20:32 - 2013-05-10 08:45 - 00002285 _____ C:\Windows\BESTCWND.INI2014-01-02 20:32 - 2009-08-11 09:25 - 00002370 _____ C:\Windows\bestcase.ini2014-01-02 20:08 - 2013-05-10 08:45 - 00000188 _____ C:\Windows\BestCOpn.ini2014-01-01 16:17 - 2014-01-01 16:17 - 548713398 _____ C:\Windows\MEMORY.DMP2014-01-01 16:17 - 2014-01-01 16:17 - 01370592 _____ C:\Windows\Minidump\010114-39031-01.dmp2014-01-01 16:17 - 2010-06-09 06:47 - 00000000 ____D C:\Windows\Minidump2013-12-31 20:48 - 2010-06-08 21:29 - 00000000 ____D C:\ECF2013-12-30 22:31 - 2013-04-29 18:24 - 00000000 ____D C:\Users\Scott\Documents\@TVTimeShift2013-12-30 21:09 - 2013-04-29 18:24 - 03517297 _____ C:\Users\Scott\AppData\Local\Tempchannel_logos.zip2013-12-30 20:03 - 2011-12-29 21:13 - 00000000 ____D C:\Users\Scott\Desktop\Professorships2013-12-30 19:45 - 2013-12-30 19:45 - 00000000 ____D C:\Windows\Sun2013-12-30 10:21 - 2013-12-30 10:21 - 00709934 _____ C:\Users\Scott\Downloads\smsfromlucasdeleon7026281155 (1).zip2013-12-30 10:05 - 2013-12-30 10:04 - 00000022 _____ C:\Users\Scott\Downloads\smsfromlucasdeleon7026281155.zip2013-12-29 17:47 - 2013-12-29 17:47 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Plex Home Theater2013-12-29 17:43 - 2013-12-29 17:42 - 60419104 _____ C:\Users\Scott\Downloads\PlexHomeTheater-1.0.7.169-303ab8cc-windows-x86.exe2013-12-28 20:50 - 2013-01-12 21:02 - 00000000 ____D C:\Users\Scott\AppData\Roaming\HandBrake2013-12-28 20:29 - 2010-06-09 18:00 - 00000000 ____D C:\Users\Scott\Desktop\Converted2013-12-28 17:36 - 2013-12-28 17:36 - 00005051 _____ C:\Users\Scott\Downloads\ScorchTrials-56047.odm2013-12-28 17:25 - 2013-12-28 17:25 - 00004950 _____ C:\Users\Scott\Downloads\BreakingDawn9780739367704.odm2013-12-28 17:25 - 2013-12-28 17:25 - 00004850 _____ C:\Users\Scott\Downloads\Eclipse9780739361009.odm2013-12-28 16:51 - 2013-12-28 16:51 - 01233962 _____ C:\Users\Scott\Downloads\adwcleaner.exe2013-12-27 20:46 - 2012-05-05 12:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-12-27 19:27 - 2012-07-29 11:35 - 00000000 _____ C:\Windows\SysWOW64\mswinsck32.ocx2013-12-27 16:29 - 2010-06-08 18:13 - 00000000 ___HD C:\Users\Scott\AppData\Local\Mozilla2013-12-27 14:44 - 2013-12-27 14:44 - 10558760 _____ C:\Users\Scott\Downloads\SetupAnyDVD7390.exe2013-12-26 22:27 - 2013-12-26 22:27 - 00011953 _____ C:\Users\Scott\Downloads\national_expense_standards.xlsx2013-12-26 22:27 - 2013-12-26 22:27 - 00009388 _____ C:\Users\Scott\Downloads\national_oop_healthcare.xlsx2013-12-25 19:09 - 2013-12-23 18:47 - 00000000 ____D C:\Program Files (x86)\World of Warcraft2013-12-24 21:00 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD2013-12-24 13:48 - 2010-06-09 07:57 - 00000000 ____D C:\Users\Scott\Documents\DRS personal2013-12-23 22:59 - 2013-12-23 22:59 - 00000000 ____D C:\Users\Scott\AppData\Local\Blizzard Entertainment2013-12-23 18:46 - 2013-12-23 18:46 - 83293072 _____ (Blizzard Entertainment) C:\Users\Scott\Downloads\World-of-Warcraft-Setup-enUS (1).exe2013-12-23 18:43 - 2013-12-23 18:43 - 83293072 _____ (Blizzard Entertainment) C:\Users\Scott\Downloads\World-of-Warcraft-Setup-enUS.exe2013-12-22 13:12 - 2012-02-26 18:07 - 00000000 ____D C:\Users\Scott\Documents\Cubs2013-12-21 15:37 - 2013-12-21 15:37 - 00006774 _____ C:\Users\Scott\Downloads\HarryPotterandtheChamberofSecretsUS.odm2013-12-21 15:33 - 2013-12-21 15:33 - 00009161 _____ C:\Users\Scott\Downloads\MemoryofLight.odm2013-12-21 15:33 - 2013-12-21 15:33 - 00006483 _____ C:\Users\Scott\Downloads\EyeoftheWorldWheelofTimeSeriesBook01-56627.odm2013-12-21 15:29 - 2013-12-21 15:29 - 00004730 _____ C:\Users\Scott\Downloads\NewMoon0739348302.odm2013-12-21 15:27 - 2013-12-21 15:27 - 00003491 _____ C:\Users\Scott\Downloads\Hobbit9781405629423.odm2013-12-18 19:14 - 2013-12-18 19:14 - 00005627 _____ C:\Users\Scott\Downloads\LostGate9781441771674.odm2013-12-17 17:38 - 2010-08-28 12:50 - 00000000 ____D C:\Users\Scott\Documents\IRS2013-12-15 07:16 - 2013-12-15 07:16 - 00005182 _____ C:\Users\Scott\Downloads\0743572769-1495.odm2013-12-14 22:30 - 2013-08-05 02:05 - 00000000 ____D C:\Windows\system32\MRT2013-12-14 22:27 - 2010-07-02 07:29 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-12-12 17:55 - 2010-08-07 19:21 - 00000000 ____D C:\Program Files (x86)\Google2013-12-12 09:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache2013-12-11 17:10 - 2009-07-13 20:45 - 00423008 _____ C:\Windows\system32\FNTCACHE.DAT2013-12-11 16:41 - 2010-02-28 09:19 - 00000000 ____D C:\ProgramData\Microsoft Help2013-12-11 13:45 - 2012-04-12 19:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-12-11 13:45 - 2012-04-12 19:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-12-11 13:45 - 2011-05-14 10:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-12-10 13:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF2013-12-08 22:33 - 2013-04-29 18:24 - 00000000 ____D C:\Users\Scott\Documents\My @TV Recordings2013-12-08 07:42 - 2010-08-07 18:08 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA2013-12-08 07:42 - 2010-08-07 18:08 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core Files to move or delete:====================C:\Users\Scott\jobq.dat Some content of TEMP:====================C:\Users\Scott\AppData\Local\Temp\78503uninstall.exeC:\Users\Scott\AppData\Local\Temp\@TVSoftware.exeC:\Users\Scott\AppData\Local\Temp\handbrake-setup.exeC:\Users\Scott\AppData\Local\Temp\i4jdel0.exeC:\Users\Scott\AppData\Local\Temp\instmsia.exeC:\Users\Scott\AppData\Local\Temp\instmsiw.exeC:\Users\Scott\AppData\Local\Temp\ISSetup.dllC:\Users\Scott\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exeC:\Users\Scott\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exeC:\Users\Scott\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exeC:\Users\Scott\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exeC:\Users\Scott\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\Scott\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\Scott\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exeC:\Users\Scott\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exeC:\Users\Scott\AppData\Local\Temp\Quarantine.exeC:\Users\Scott\AppData\Local\Temp\Setup.exeC:\Users\Scott\AppData\Local\Temp\Sqlite3.dllC:\Users\Scott\AppData\Local\Temp\WindowsInstaller-KB893803-x86.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-30 00:55 ==================== End Of Log ============================
- January 7, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

Eset Log C:\AdwCleaner\Quarantine\C\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\Extensions\50a7255c5f6a8@50a7255c5f6e1.com\content\bg.js.vir Win32/Adware.MultiPlug.H application C:\Users\Scott\AppData\Local\Temp\is1244477948\218494828_Setup.EXE Win32/OpenCandy application
- January 7, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2014.01.06.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Scott :: RIVENDELL [administrator] Protection: Enabled 1/6/2014 7:51:51 PM MBAM-log-2014-01-06 (20-10-44).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 335510 Time elapsed: 16 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Scott\Downloads\Updater_Setup.exe (PUP.Optional.iBryte) -> No action taken. (end)
- January 7, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

# AdwCleaner v3.016 - Report created 06/01/2014 at 19:43:42 # Updated 23/12/2013 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) # Username : Scott - RIVENDELL # Running from : C:\Users\Scott\Downloads\AdwCleaner (1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Download and Sa Folder Deleted : C:\ProgramData\Premium Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar Folder Deleted : C:\Users\Scott\AppData\Roaming\OpenCandy Folder Deleted : C:\Users\Roxanne\AppData\Local\Temp\boost_interprocess Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\Extensions\50a7255c5f6a8@50a7255c5f6e1.com Folder Deleted : C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\tn182bt5.default\Extensions\staged Folder Deleted : C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\zu6urqrt.default\Extensions\staged File Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\Mysearchdial.xml File Deleted : C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\tn182bt5.default\searchplugins\Mysearchdial.xml File Deleted : C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\zu6urqrt.default\searchplugins\Mysearchdial.xml File Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\WebSearch.xml File Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\user.js File Deleted : C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\tn182bt5.default\user.js File Deleted : C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\zu6urqrt.default\user.js File Deleted : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage File Deleted : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\daalnacchhlkibknjogbcpnggjoagnie Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Key Deleted : HKCU\Software\AVG SafeGuard toolbar Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\SProtector Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\Software\SP Global Key Deleted : HKLM\Software\SProtector ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16428 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] -\\ Mozilla Firefox v26.0 (en-US) [ File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\prefs.js ] Line Deleted : user_pref("aol_toolbar.default.homepage.check", false); Line Deleted : user_pref("aol_toolbar.default.search.check", false); Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial"); Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch"); Line Deleted : user_pref("browser.search.order.1", "WebSearch"); Line Deleted : user_pref("browser.search.order.1,S", "WebSearch"); Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial"); Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch"); Line Deleted : user_pref("extensions.50a7255c5f753.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");[...] Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd1202"); Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0CzztD0A0AzyzyyDtBtD0D0D0FtDtAzytN0D0Tzu0CyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R"); Line Deleted : user_pref("extensions.mysearchdial.cr", "218193065"); Line Deleted : user_pref("extensions.mysearchdial.dfltLng", ""); Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true); Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true); Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false); Line Deleted : user_pref("extensions.mysearchdial.hmpg", true); Line Deleted : user_pref("extensions.mysearchdial.id", "C80AA99520DDF039"); Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16066"); Line Deleted : user_pref("extensions.mysearchdial.instlRef", ""); Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial"); Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base"); Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true); Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false); Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none"); Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.019:54:45"); Line Deleted : user_pref("quickstores.toolbar.affid", ""); Line Deleted : user_pref("quickstores.toolbar.guid", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", ""); [ File : C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\tn182bt5.default\prefs.js ] Line Deleted : user_pref("aol_toolbar.default.homepage.check", false); Line Deleted : user_pref("aol_toolbar.default.search.check", false); Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", ""); Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial"); Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial"); [ File : C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\zu6urqrt.default\prefs.js ] Line Deleted : user_pref("aol_toolbar.default.homepage.check", false); Line Deleted : user_pref("aol_toolbar.default.search.check", false); Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", ""); Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial"); Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial"); -\\ Google Chrome v [ File : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [14148 octets] - [28/12/2013 16:52:51] AdwCleaner[R1].txt - [15569 octets] - [06/01/2014 19:36:58] AdwCleaner[s0].txt - [14264 octets] - [06/01/2014 19:43:42] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14325 octets] ##########
- January 7, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

Not being very successful with step 4. I downloaded JRT on my desktop. I right click and run as administrator. It appears a window opens but immediately closes. So fast I can't tell wht it is, then nothing. I believe it is not running, but is being shut down as fast as it opens. Is there something I can do to get it to work?
- January 7, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

And system log ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6230491136, free: 1852313600 ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6230491136, free: 1905111040 Downloaded database version: v2014.01.06.09Downloaded database version: v2013.12.18.01=======================================Initializing...------------ Kernel report ------------ 01/06/2014 17:07:37------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\DRIVERS\MpFilter.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\system32\DRIVERS\hpdskflt.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\avgrkx64.sys\SystemRoot\system32\DRIVERS\avgloga.sys\SystemRoot\system32\DRIVERS\avgmfx64.sys\SystemRoot\system32\DRIVERS\avgidsha.sys\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\avgtdia.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\Drivers\ElbyCDIO.sys\SystemRoot\system32\DRIVERS\dvmio.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\ctxusbm.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\avgidsdrivera.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\atikmpag.sys\SystemRoot\system32\DRIVERS\atikmdag.sys\SystemRoot\system32\DRIVERS\igdpmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\NETw5s64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\System32\Drivers\AnyDVD.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\DRIVERS\Accelerometer.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\drivers\SndTAudio.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\HAVATV.sys\SystemRoot\system32\DRIVERS\STREAM.SYS\SystemRoot\system32\DRIVERS\HavaTV_10.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\appliand.sys\SystemRoot\system32\DRIVERS\rdpbus.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\DRIVERS\circlass.sys\SystemRoot\system32\DRIVERS\havabus.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\AtiHdmi.sys\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\WinUSB.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\LEqdUsb.Sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\LHidEqd.Sys\SystemRoot\system32\DRIVERS\LHidFilt.Sys\SystemRoot\system32\DRIVERS\LMouFilt.Sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\NisDrvWFP.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\drivers\rdpdr.sys\SystemRoot\system32\drivers\tdtcp.sys\SystemRoot\System32\DRIVERS\tssecsrv.sys\SystemRoot\System32\Drivers\RDPWD.SYS\SystemRoot\system32\drivers\spsys.sys\SystemRoot\system32\DRIVERS\asyncmac.sys\SystemRoot\System32\ATMFD.DLL\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8006b5c060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8006838050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006b5cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa80069d7b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\DevicePointer: 0xfffffa8006838050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 4CB80527 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 928456704 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 928866304 Numsec = 47693824 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 976560128 Numsec = 210992 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Infected: C:\Users\Scott\AppData\Roaming\Kouvywaf\wywookv.exe --> [Trojan.Zbot.FBD]Infected: C:\Users\Scott\AppData\Local\Temp\{DEE761F1-73E7-815C-63B7-3BC505044307}\Addons\aol_checker.exe --> [Trojan.Agent.H]Scan finishedCreating System Restore point...Cleaning up...Removal scheduling successful. System shutdown needed.System shutdown occurred======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6230491136, free: 4290691072 =======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6230491136, free: 4269789184 =======================================Initializing...------------ Kernel report ------------ 01/06/2014 17:48:57------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\System32\drivers\imofugc.sys\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\DRIVERS\MpFilter.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\system32\DRIVERS\hpdskflt.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\avgrkx64.sys\SystemRoot\system32\DRIVERS\avgloga.sys\SystemRoot\system32\DRIVERS\avgmfx64.sys\SystemRoot\system32\DRIVERS\avgidsha.sys\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\avgtdia.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\Drivers\ElbyCDIO.sys\SystemRoot\system32\DRIVERS\dvmio.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\ctxusbm.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\avgidsdrivera.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\atikmpag.sys\SystemRoot\system32\DRIVERS\atikmdag.sys\SystemRoot\system32\DRIVERS\igdpmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\NETw5s64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\System32\Drivers\AnyDVD.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\DRIVERS\Accelerometer.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\drivers\SndTAudio.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\HAVATV.sys\SystemRoot\system32\DRIVERS\STREAM.SYS\SystemRoot\system32\DRIVERS\HavaTV_10.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\appliand.sys\SystemRoot\system32\DRIVERS\rdpbus.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\DRIVERS\circlass.sys\SystemRoot\system32\DRIVERS\havabus.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\AtiHdmi.sys\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\WinUSB.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\LEqdUsb.Sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\LHidEqd.Sys\SystemRoot\system32\DRIVERS\LHidFilt.Sys\SystemRoot\system32\DRIVERS\LMouFilt.Sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\NisDrvWFP.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\drivers\rdpdr.sys\SystemRoot\system32\drivers\tdtcp.sys\SystemRoot\System32\DRIVERS\tssecsrv.sys\SystemRoot\System32\Drivers\RDPWD.SYS\??\C:\Windows\system32\drivers\mbam.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\SystemRoot\system32\drivers\spsys.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8006b5c060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8006829050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006b5cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa80069dab10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\DevicePointer: 0xfffffa8006829050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 4CB80527 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 928456704 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 928866304 Numsec = 47693824 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 976560128 Numsec = 210992 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Scan finished======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6230491136, free: 1852313600 ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6230491136, free: 1905111040 Downloaded database version: v2014.01.06.09Downloaded database version: v2013.12.18.01=======================================Initializing...------------ Kernel report ------------ 01/06/2014 17:07:37------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\DRIVERS\MpFilter.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\system32\DRIVERS\hpdskflt.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\avgrkx64.sys\SystemRoot\system32\DRIVERS\avgloga.sys\SystemRoot\system32\DRIVERS\avgmfx64.sys\SystemRoot\system32\DRIVERS\avgidsha.sys\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\avgtdia.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\Drivers\ElbyCDIO.sys\SystemRoot\system32\DRIVERS\dvmio.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\ctxusbm.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\avgidsdrivera.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\atikmpag.sys\SystemRoot\system32\DRIVERS\atikmdag.sys\SystemRoot\system32\DRIVERS\igdpmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\NETw5s64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\System32\Drivers\AnyDVD.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\DRIVERS\Accelerometer.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\drivers\SndTAudio.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\HAVATV.sys\SystemRoot\system32\DRIVERS\STREAM.SYS\SystemRoot\system32\DRIVERS\HavaTV_10.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\appliand.sys\SystemRoot\system32\DRIVERS\rdpbus.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\DRIVERS\circlass.sys\SystemRoot\system32\DRIVERS\havabus.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\AtiHdmi.sys\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\WinUSB.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\LEqdUsb.Sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\LHidEqd.Sys\SystemRoot\system32\DRIVERS\LHidFilt.Sys\SystemRoot\system32\DRIVERS\LMouFilt.Sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\NisDrvWFP.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\drivers\rdpdr.sys\SystemRoot\system32\drivers\tdtcp.sys\SystemRoot\System32\DRIVERS\tssecsrv.sys\SystemRoot\System32\Drivers\RDPWD.SYS\SystemRoot\system32\drivers\spsys.sys\SystemRoot\system32\DRIVERS\asyncmac.sys\SystemRoot\System32\ATMFD.DLL\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8006b5c060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8006838050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006b5cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa80069d7b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\DevicePointer: 0xfffffa8006838050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 4CB80527 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 928456704 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 928866304 Numsec = 47693824 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 976560128 Numsec = 210992 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Infected: C:\Users\Scott\AppData\Roaming\Kouvywaf\wywookv.exe --> [Trojan.Zbot.FBD]Infected: C:\Users\Scott\AppData\Local\Temp\{DEE761F1-73E7-815C-63B7-3BC505044307}\Addons\aol_checker.exe --> [Trojan.Agent.H]Scan finishedCreating System Restore point...Cleaning up...Removal scheduling successful. System shutdown needed.System shutdown occurred======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6230491136, free: 4290691072 =======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6230491136, free: 4269789184 =======================================Initializing...------------ Kernel report ------------ 01/06/2014 17:48:57------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\System32\drivers\imofugc.sys\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\DRIVERS\MpFilter.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\system32\DRIVERS\hpdskflt.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\avgrkx64.sys\SystemRoot\system32\DRIVERS\avgloga.sys\SystemRoot\system32\DRIVERS\avgmfx64.sys\SystemRoot\system32\DRIVERS\avgidsha.sys\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\avgtdia.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\Drivers\ElbyCDIO.sys\SystemRoot\system32\DRIVERS\dvmio.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\ctxusbm.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\avgidsdrivera.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\atikmpag.sys\SystemRoot\system32\DRIVERS\atikmdag.sys\SystemRoot\system32\DRIVERS\igdpmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\NETw5s64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\System32\Drivers\AnyDVD.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\DRIVERS\Accelerometer.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\drivers\SndTAudio.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\HAVATV.sys\SystemRoot\system32\DRIVERS\STREAM.SYS\SystemRoot\system32\DRIVERS\HavaTV_10.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\appliand.sys\SystemRoot\system32\DRIVERS\rdpbus.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\DRIVERS\circlass.sys\SystemRoot\system32\DRIVERS\havabus.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\AtiHdmi.sys\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\WinUSB.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\LEqdUsb.Sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\LHidEqd.Sys\SystemRoot\system32\DRIVERS\LHidFilt.Sys\SystemRoot\system32\DRIVERS\LMouFilt.Sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\NisDrvWFP.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\drivers\rdpdr.sys\SystemRoot\system32\drivers\tdtcp.sys\SystemRoot\System32\DRIVERS\tssecsrv.sys\SystemRoot\System32\Drivers\RDPWD.SYS\??\C:\Windows\system32\drivers\mbam.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\SystemRoot\system32\drivers\spsys.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8006b5c060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8006829050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006b5cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa80069dab10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\DevicePointer: 0xfffffa8006829050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 4CB80527 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 928456704 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 928866304 Numsec = 47693824 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 976560128 Numsec = 210992 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Scan finished======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removal finished
- January 7, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

2nd scan (please note it found nothing but malware is still there) moving on to next step from your post Malwarebytes Anti-Rootkit BETA 1.07.0.1008 www.malwarebytes.org Database version: v2014.01.06.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Scott :: RIVENDELL [administrator] 1/6/2014 5:49:05 PM mbar-log-2014-01-06 (17-49-05).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 335576 Time elapsed: 30 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)
- January 7, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

Thanks for helping me with this. First scan with MBAR Malwarebytes Anti-Rootkit BETA 1.07.0.1008www.malwarebytes.org Database version: v2014.01.06.09 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476Scott :: RIVENDELL [administrator] 1/6/2014 5:07:45 PMmbar-log-2014-01-06 (17-07-45).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 335693Time elapsed: 34 minute(s), 46 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 2C:\Users\Scott\AppData\Roaming\Kouvywaf\wywookv.exe (Trojan.Zbot.FBD) -> Delete on reboot.C:\Users\Scott\AppData\Local\Temp\{DEE761F1-73E7-815C-63B7-3BC505044307}\Addons\aol_checker.exe (Trojan.Agent.H) -> Delete on reboot. Physical Sectors Detected: 0(No malicious items detected) (end)
- January 7, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 6/8/2010 5:59:34 PM System Uptime: 1/4/2014 8:29:44 PM (0 hours ago) . Motherboard: Hewlett-Packard | | 144B Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | CPU | 2400/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 443 GiB total, 309.712 GiB free. D: is FIXED (NTFS) - 23 GiB total, 3.319 GiB free. E: is FIXED (FAT32) - 0 GiB total, 0.088 GiB free. F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Description: HP Integrated Module with Bluetooth 2.1 Wireless Technology Device ID: USB\VID_03F0&PID_231D\6&2D7E1374&0&6 Manufacturer: Broadcom Name: HP Integrated Module with Bluetooth 2.1 Wireless Technology PNP Device ID: USB\VID_03F0&PID_231D\6&2D7E1374&0&6 Service: BTHUSB . Class GUID: {3f966bd9-fa04-4ec5-991c-d326973b5128} Description: Android Composite ADB Interface Device ID: ROOT\ANDROIDUSBDEVICECLASS\0000 Manufacturer: Google, Inc. Name: Android Composite ADB Interface PNP Device ID: ROOT\ANDROIDUSBDEVICECLASS\0000 Service: WinUSB . Class GUID: {feb8d079-0681-11d4-9531-0060089abc08} Description: Motorola Flash Interface Device ID: ROOT\MOTUSB\0000 Manufacturer: Motorola Inc Name: Motorola Flash Interface PNP Device ID: ROOT\MOTUSB\0000 Service: MotDev . Class GUID: {feb8d079-0681-11d4-9531-0060089abc08} Description: Motorola Flash Interface Device ID: ROOT\MOTUSB\0001 Manufacturer: Motorola Inc Name: Motorola Flash Interface PNP Device ID: ROOT\MOTUSB\0001 Service: MotDev . ==== System Restore Points =================== . RP667: 1/3/2014 8:11:10 AM - Windows Update RP668: 1/4/2014 8:12:04 PM - Removed AVG 2013 RP669: 1/4/2014 8:13:49 PM - Removed AVG 2013 . ==== Image File Execution Options ============= . . ==== Installed Programs ====================== . . ==== End Of File ===========================
- January 5, 2014
- 26 replies
Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure replied to Man of Leisure's topic in Resolved Malware Removal Logs

Pondus, I dounloaded DDS but it only gives me one log, not two. I get the attach log, but not the DDS log. Do you have any advice?
- January 5, 2014
- 26 replies

Sign In

Man of Leisure

Posts

Joined

Last visited

Reputation

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information