
Unknown nasty - IP 206.161.121.3 being blocked - scans all clear



Hi

I appear to have hit a bit of a brick wall with trying to get rid of whatever nasty has infected the computer.

What is happening is Malwarebytes keeps blocking potentially malicious websites, Type: Outgoing. The IP addresses are of the following type:

206.161.121.3

94.102.51.238

When I scan the Computer it shows as all clean regardless of the AV I use.

I've attached a copy of dds.txt and attach.txt.

Many thanks for your help in this


Hello MBAndC and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log


Thanks.

Here is the log file from MalwareBytes:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.22.11

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Stephen :: GILL [administrator]

Protection: Enabled

22/07/2012 23:55:31

mbam-log-2012-07-22 (23-55-31).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 237735

Time elapsed: 3 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Thanks!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Please don't attach your log files:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
IDFZHE

File::
c:\Documents and Settings\Stephen\Local Settings\Temp\IDFZHE.exe

Mia::
c:\windows\system32\drivers\i8042prt.sys

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Hi Maniac,

Sorry for the misunderstanding. When I saw that there was an update for ComboFix I cancelled the running of the script and downloaded the updated version of ComboFix from the link previously in this thread. I then ran the script, which ran for 16 hours before I had to cancel it.

I can now attach the hard drive to another machine and turn it into a large USB key. Would this help?


Tried again in Safe Mode twice. Both times the program crashed.

I then replaced the file c:\windows\system32\drivers\i8042prt.sys from a clean source.

I then altered the CFScript to the following:

KillAll::

Driver::

IDFZHE

File::

c:\Documents and Settings\Stephen\Local Settings\Temp\IDFZHE.exe

Mia::

JavaClearCache::

I ran the CFScript with ComboFix again in Safe Mode and this time the program completed its run.

Here is the Log File:

ComboFix 12-07-25.04 - Stephen 28/07/2012 10:25:49.9.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1253.30.1033.18.2013.1579 [GMT 1:00]

Running from: c:\documents and settings\Stephen\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Stephen\Desktop\CFScript.txt

AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

FILE ::

"c:\documents and settings\Stephen\Local Settings\Temp\IDFZHE.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-- Previous Run --

.

-- Previous Run --

.

-- Previous Run --

.

c:\windows\system32\drivers\i8042prt.sys . . . is missing!!

.

--------

.

c:\windows\system32\drivers\i8042rpt.sys . . . is missing!!

.

c:\windows\system32\drivers\i8042prt.sys . . . is missing!!

.

--------

.

c:\windows\system32\drivers\i8042rpt.sys . . . is missing!!

.

c:\windows\system32\drivers\i8042prt.sys . . . is missing!!

.

--------

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_IDFZHE

-------\Service_IDFZHE

.

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))

.

.

2012-07-28 08:57 . 2008-04-14 12:00 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys

2012-07-28 08:57 . 2008-04-14 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2012-07-21 18:16 . 2012-07-21 18:16 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\Sun

2012-07-21 07:57 . 2012-07-21 07:57 -------- d-----w- c:\program files\Common Files\Java

2012-07-21 07:56 . 2012-07-21 07:56 -------- d-----w- c:\program files\Oracle

2012-07-21 07:56 . 2012-07-21 07:56 -------- d-----w- c:\documents and settings\Stephen\Application Data\Oracle

2012-07-21 07:56 . 2012-07-05 21:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-20 23:31 . 2012-07-20 23:31 388096 ----a-r- c:\documents and settings\Stephen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-20 23:31 . 2012-07-20 23:31 -------- d-----w- c:\program files\Trend Micro

2012-07-20 23:27 . 2012-07-20 23:27 -------- d-----w- c:\documents and settings\Stephen\Application Data\AVG2012

2012-07-20 23:21 . 2012-07-21 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-07-20 23:21 . 2012-07-20 23:21 -------- d-----w- C:\$AVG

2012-07-17 11:01 . 2012-07-17 11:01 -------- d-----w- c:\documents and settings\Stephen\Application Data\pdfforge

2012-07-17 11:01 . 2012-07-05 12:02 81920 ----a-w- c:\windows\system32\pdfcmon.dll

2012-07-17 11:01 . 2012-07-17 11:02 -------- d-----w- c:\program files\PDFCreator

2012-07-17 11:01 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2012-07-17 11:00 . 2012-07-17 11:01 -------- d-----w- c:\program files\Notepad++

2012-07-17 11:00 . 2012-07-17 11:01 -------- d-----w- c:\documents and settings\Stephen\Application Data\Notepad++

2012-07-17 11:00 . 2012-07-17 11:00 -------- d-----w- c:\program files\FileZilla FTP Client

2012-07-17 11:00 . 2012-07-17 11:00 -------- d-----w- c:\program files\7-Zip

2012-07-17 11:00 . 2012-06-14 22:20 85472 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2012-07-17 10:44 . 2012-07-17 10:44 -------- d-----w- c:\documents and settings\Stephen\Application Data\Malwarebytes

2012-07-10 18:03 . 2012-07-10 18:03 -------- d-----w- c:\program files\AVG

2012-07-10 18:02 . 2012-07-10 18:02 -------- d-----w- c:\program files\FileHippo.com

2012-07-10 17:41 . 2012-07-10 17:41 3584 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2012-07-10 17:41 . 2012-07-10 17:41 -------- d-----w- c:\program files\Windows Installer Clean Up

2012-07-10 17:40 . 2012-07-10 17:40 -------- d-----w- c:\program files\MSECACHE

2012-07-10 14:56 . 2012-07-10 14:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-07-10 14:55 . 2012-07-10 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-07-10 14:55 . 2012-07-17 11:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-10 14:55 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-10 14:46 . 2012-07-10 14:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2012-07-10 13:21 . 2012-07-10 00:50 61 ----a-w- c:\program files\Common Files\cc.bat

2012-07-04 13:05 . 2012-07-04 13:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-07-04 12:08 . 2012-07-04 12:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search

2012-07-04 11:47 . 2012-07-04 11:47 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-07-04 11:32 . 2012-07-04 11:32 -------- d-----w- c:\documents and settings\Catherine\Local Settings\Application Data\GoCommunicator

2012-07-04 11:32 . 2012-07-04 11:32 -------- d-----w- c:\documents and settings\Catherine\Application Data\GoCommunicator

2012-07-04 10:14 . 2012-07-04 11:19 -------- d-----w- c:\windows\system32\NtmsData

2012-07-04 07:50 . 2012-07-10 14:24 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\GoCommunicator

2012-07-04 07:50 . 2012-07-04 07:50 -------- d-----w- c:\documents and settings\Stephen\Application Data\GoCommunicator

2012-07-04 07:50 . 2012-07-04 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\GoCommunicator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-05 21:07 . 2009-06-13 15:14 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-05 21:06 . 2010-07-04 13:55 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-13 13:29 . 2008-04-25 16:16 1875072 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2008-04-25 16:16 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2008-04-25 16:16 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2008-04-25 16:16 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 14:19 . 2008-10-16 13:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 14:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 14:19 . 2008-04-25 21:27 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 14:19 . 2008-04-25 21:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 14:19 . 2008-04-25 21:27 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 14:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 14:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 14:19 . 2008-04-25 21:27 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 14:19 . 2008-04-25 21:27 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 14:19 . 2008-04-25 16:16 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 14:19 . 2008-10-16 13:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 14:19 . 2008-04-25 21:27 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 14:19 . 2008-04-25 21:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 14:18 . 2009-06-19 15:04 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 14:18 . 2009-06-19 15:04 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 14:18 . 2008-10-16 13:07 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\system32\GPhotos.scr

2012-05-16 15:08 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec

2012-05-04 13:24 . 2008-04-25 16:16 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:41 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2008-04-25 21:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 22:20 . 2012-07-17 11:00 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"MplSetUp"="c:\program files\RMClient\MplSetUp.exe" [2000-11-03 40960]

"JobHisInit"="c:\program files\RMClient\JobHisInit.exe" [2004-03-17 151552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"BBUpdate"=2 (0x2)

"BBSvc"=2 (0x2)

"AntiVirService"=2 (0x2)

"AntiVirSchedulerService"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Documents and Settings\\Stephen\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

.

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/01/2011 11:29 136176]

S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [13/06/2009 16:14 8960]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys --> c:\windows\system32\DRIVERS\avgidsshimx.sys [?]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [13/06/2009 16:14 11264]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17/01/2011 11:29 136176]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [14/06/2009 01:01 110080]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/07/2012 15:55 22344]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [10/07/2012 15:59 113120]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [13/06/2009 16:14 16640]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/07/2012 15:55 655944]

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 10:29]

.

2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 10:29]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2577878092-2697942953-1708410126-1005Core.job

- c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-05 10:54]

.

2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2577878092-2697942953-1708410126-1005UA.job

- c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-05 10:54]

.

.

------- Supplementary Scan -------

.

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

DPF: {F0DDF1F8-0CAD-4A90-9F15-41D22234A4EA} - hxxps://lloydslink.online.lloydstsb.com/thinlink/cabfiles/tcalnk32.cab

FF - ProfilePath - c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\pes6m7qd.default\

FF - user.js: -

FF - user.js: network.http.accept-encoding -

FF - user.js: secnetwork.http.accept-encodingurity.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-28 11:50

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-07-28 12:05:29 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-28 11:05

.

Pre-Run: 230,898,380,800 bytes free

Post-Run: 230,886,002,688 bytes free

.

- - End Of File - - BF2C1B8BA635F7EB36CB2D909637D01D


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *i8042prt*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 17:11 on 30/07/2012 by Stephen

Administrator - Elevation successful

========== filefind ==========

Searching for "*i8042prt*"

C:\cmdcons\I8042PRT.SY_ --a---- 26025 bytes [22:14 03/08/2004] [22:14 03/08/2004] 819D427AB9DBE6AC2960A585087CB766

C:\I386\I8042PRT.SY_ --a---- 26045 bytes [16:11 25/04/2008] [12:00 14/04/2008] 154711EFD90752614F99C49A17B4F821

C:\Program Files\Dell\DBRM\osmedia\I386\I8042PRT.SY_ --a---- 26045 bytes [00:01 14/06/2009] [09:00 14/04/2008] 154711EFD90752614F99C49A17B4F821

C:\WINDOWS\system32\dllcache\i8042prt.sys --a--c- 52480 bytes [08:57 28/07/2012] [12:00 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30

C:\WINDOWS\system32\drivers\i8042prt.sys --a---- 52480 bytes [08:57 28/07/2012] [12:00 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30

-= EOF =-

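An added example, not part of the original thread: a small Python parser for the SystemLook `:filefind` output above that groups the copies of a file by MD5 and reports whether the live driver in `system32\drivers` matches its `dllcache` copy. The sample lines are copied from the log above; the line layout is inferred from that log, and the function names are this example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the SystemLook log posted above.
SAMPLE_LOG = r"""
========== filefind ==========
Searching for "*i8042prt*"
C:\cmdcons\I8042PRT.SY_ --a---- 26025 bytes [22:14 03/08/2004] [22:14 03/08/2004] 819D427AB9DBE6AC2960A585087CB766
C:\I386\I8042PRT.SY_ --a---- 26045 bytes [16:11 25/04/2008] [12:00 14/04/2008] 154711EFD90752614F99C49A17B4F821
C:\Program Files\Dell\DBRM\osmedia\I386\I8042PRT.SY_ --a---- 26045 bytes [00:01 14/06/2009] [09:00 14/04/2008] 154711EFD90752614F99C49A17B4F821
C:\WINDOWS\system32\dllcache\i8042prt.sys --a--c- 52480 bytes [08:57 28/07/2012] [12:00 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\system32\drivers\i8042prt.sys --a---- 52480 bytes [08:57 28/07/2012] [12:00 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30
-= EOF =-
"""

# path, 7-character attribute field, size, [created], [modified], MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<attrs>[-a-z]{7})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FileEntry:
    path: str
    attrs: str
    size: int
    created: str
    modified: str
    md5: str

    @property
    def compressed(self) -> bool:
        # Names ending in "_" (I8042PRT.SY_) are compressed setup-media copies.
        # Their MD5 is of the compressed bytes, so it never equals the .sys hash.
        return self.path.endswith("_")


def parse_filefind(text):
    """Return a FileEntry for every result line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(FileEntry(m["path"], m["attrs"], int(m["size"]),
                                     m["created"], m["modified"], m["md5"].upper()))
    return entries


def group_by_md5(entries):
    """Map each MD5 to the list of paths that carry it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.md5].append(e.path)
    return dict(groups)


def live_vs_cache(entries):
    """Compare the expanded driver in system32\\drivers with the dllcache copy."""
    expanded = [e for e in entries if not e.compressed]
    live = [e for e in expanded if "\\system32\\drivers\\" in e.path.lower()]
    cache = [e for e in expanded if "\\system32\\dllcache\\" in e.path.lower()]
    if not live:
        return "live driver missing"
    if not cache:
        return "no dllcache copy to compare"
    same = all(l.md5 == c.md5 and l.size == c.size for l in live for c in cache)
    return "match" if same else "mismatch"


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    for md5, paths in group_by_md5(found).items():
        print(md5)
        for p in paths:
            print("   ", p)
    print("drivers vs dllcache:", live_vs_cache(found))
```

A "match" only says the two copies are byte-identical; it says nothing about whether that shared file is the genuine driver, which needs a hash from known-good media for the same Windows build.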

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
C:\WINDOWS\system32\dllcache\i8042prt.sys | C:\WINDOWS\system32\drivers\i8042prt.sys

Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 12-07-25.04 - Stephen 30/07/2012 23:07:59.11.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1253.30.1033.18.2013.1684 [GMT 1:00]

Running from: c:\documents and settings\Stephen\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Stephen\Desktop\CFScript.txt

AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\system32\dllcache\i8042prt.sys --> c:\windows\system32\drivers\i8042prt.sys

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))

.

.

2012-07-28 08:57 . 2008-04-14 12:00 52480 -c----w- c:\windows\system32\dllcache\i8042prt.sys

2012-07-28 08:57 . 2008-04-14 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2012-07-21 18:16 . 2012-07-21 18:16 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\Sun

2012-07-21 07:57 . 2012-07-21 07:57 -------- d-----w- c:\program files\Common Files\Java

2012-07-21 07:56 . 2012-07-21 07:56 -------- d-----w- c:\program files\Oracle

2012-07-21 07:56 . 2012-07-21 07:56 -------- d-----w- c:\documents and settings\Stephen\Application Data\Oracle

2012-07-21 07:56 . 2012-07-05 21:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-20 23:31 . 2012-07-20 23:31 388096 ----a-r- c:\documents and settings\Stephen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-20 23:31 . 2012-07-20 23:31 -------- d-----w- c:\program files\Trend Micro

2012-07-20 23:27 . 2012-07-20 23:27 -------- d-----w- c:\documents and settings\Stephen\Application Data\AVG2012

2012-07-20 23:21 . 2012-07-21 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-07-20 23:21 . 2012-07-20 23:21 -------- d-----w- C:\$AVG

2012-07-17 11:01 . 2012-07-17 11:01 -------- d-----w- c:\documents and settings\Stephen\Application Data\pdfforge

2012-07-17 11:01 . 2012-07-05 12:02 81920 ----a-w- c:\windows\system32\pdfcmon.dll

2012-07-17 11:01 . 2012-07-17 11:02 -------- d-----w- c:\program files\PDFCreator

2012-07-17 11:01 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2012-07-17 11:00 . 2012-07-17 11:01 -------- d-----w- c:\program files\Notepad++

2012-07-17 11:00 . 2012-07-17 11:01 -------- d-----w- c:\documents and settings\Stephen\Application Data\Notepad++

2012-07-17 11:00 . 2012-07-17 11:00 -------- d-----w- c:\program files\FileZilla FTP Client

2012-07-17 11:00 . 2012-07-17 11:00 -------- d-----w- c:\program files\7-Zip

2012-07-17 11:00 . 2012-06-14 22:20 85472 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2012-07-17 10:44 . 2012-07-17 10:44 -------- d-----w- c:\documents and settings\Stephen\Application Data\Malwarebytes

2012-07-10 18:03 . 2012-07-10 18:03 -------- d-----w- c:\program files\AVG

2012-07-10 18:02 . 2012-07-10 18:02 -------- d-----w- c:\program files\FileHippo.com

2012-07-10 17:41 . 2012-07-10 17:41 3584 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2012-07-10 17:41 . 2012-07-10 17:41 -------- d-----w- c:\program files\Windows Installer Clean Up

2012-07-10 17:40 . 2012-07-10 17:40 -------- d-----w- c:\program files\MSECACHE

2012-07-10 14:56 . 2012-07-10 14:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-07-10 14:55 . 2012-07-10 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-07-10 14:55 . 2012-07-17 11:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-10 14:55 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-10 14:46 . 2012-07-10 14:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2012-07-10 13:21 . 2012-07-10 00:50 61 ----a-w- c:\program files\Common Files\cc.bat

2012-07-04 13:05 . 2012-07-04 13:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-07-04 12:08 . 2012-07-04 12:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search

2012-07-04 11:47 . 2012-07-04 11:47 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-07-04 11:32 . 2012-07-04 11:32 -------- d-----w- c:\documents and settings\Catherine\Local Settings\Application Data\GoCommunicator

2012-07-04 11:32 . 2012-07-04 11:32 -------- d-----w- c:\documents and settings\Catherine\Application Data\GoCommunicator

2012-07-04 10:14 . 2012-07-04 11:19 -------- d-----w- c:\windows\system32\NtmsData

2012-07-04 07:50 . 2012-07-10 14:24 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\GoCommunicator

2012-07-04 07:50 . 2012-07-04 07:50 -------- d-----w- c:\documents and settings\Stephen\Application Data\GoCommunicator

2012-07-04 07:50 . 2012-07-04 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\GoCommunicator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-05 21:07 . 2009-06-13 15:14 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-05 21:06 . 2010-07-04 13:55 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-13 13:29 . 2008-04-25 16:16 1875072 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2008-04-25 16:16 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2008-04-25 16:16 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2008-04-25 16:16 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 14:19 . 2008-10-16 13:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 14:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 14:19 . 2008-04-25 21:27 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 14:19 . 2008-04-25 21:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 14:19 . 2008-04-25 21:27 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 14:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 14:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 14:19 . 2008-04-25 21:27 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 14:19 . 2008-04-25 21:27 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 14:19 . 2008-04-25 16:16 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 14:19 . 2008-10-16 13:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 14:19 . 2008-04-25 21:27 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 14:19 . 2008-04-25 21:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 14:18 . 2009-06-19 15:04 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 14:18 . 2009-06-19 15:04 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 14:18 . 2008-10-16 13:07 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\system32\GPhotos.scr

2012-05-16 15:08 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec

2012-05-04 13:24 . 2008-04-25 16:16 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:41 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2008-04-25 21:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 22:20 . 2012-07-17 11:00 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"MplSetUp"="c:\program files\RMClient\MplSetUp.exe" [2000-11-03 40960]

"JobHisInit"="c:\program files\RMClient\JobHisInit.exe" [2004-03-17 151552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"BBUpdate"=2 (0x2)

"BBSvc"=2 (0x2)

"AntiVirService"=2 (0x2)

"AntiVirSchedulerService"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Documents and Settings\\Stephen\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

.

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/01/2011 11:29 136176]

S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [13/06/2009 16:14 8960]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys --> c:\windows\system32\DRIVERS\avgidsshimx.sys [?]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [13/06/2009 16:14 11264]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17/01/2011 11:29 136176]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [14/06/2009 01:01 110080]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/07/2012 15:55 22344]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [10/07/2012 15:59 113120]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [13/06/2009 16:14 16640]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/07/2012 15:55 655944]

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 10:29]

.

2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 10:29]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2577878092-2697942953-1708410126-1005Core.job

- c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-05 10:54]

.

2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2577878092-2697942953-1708410126-1005UA.job

- c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-05 10:54]

.

.

------- Supplementary Scan -------

.

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

DPF: {F0DDF1F8-0CAD-4A90-9F15-41D22234A4EA} - hxxps://lloydslink.online.lloydstsb.com/thinlink/cabfiles/tcalnk32.cab

FF - ProfilePath - c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\pes6m7qd.default\

FF - user.js: -

FF - user.js: network.http.accept-encoding -

FF - user.js: secnetwork.http.accept-encodingurity.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-30 23:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1740)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\jscript.dll

c:\windows\system32\Macromed\Flash\Flash10b.ocx

.

Completion time: 2012-07-31 00:08:55 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-30 23:08

ComboFix2.txt 2012-07-30 17:20

ComboFix3.txt 2012-07-28 11:05

.

Pre-Run: 230,864,224,256 bytes free

Post-Run: 230,853,541,888 bytes free

.

- - End Of File - - 02C1B2E0A8232A7EF89195D59F5C5427


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=1f8613e791480b4c92682bed087e9f9a

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-07-31 11:29:27

# local_time=2012-07-31 12:29:27 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 904840 904840 0 0

# compatibility_mode=8192 67108863 100 0 179 179 0 0

# scanned=80725

# found=3

# cleaned=3

# scan_time=2221

C:\Documents and Settings\Stephen\Application Data\Sun\Java\Deployment\cache\6.0\2\24426282-340f9ba2 Java/TrojanDownloader.Agent.NDR trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Stephen\Application Data\Sun\Java\Deployment\cache\6.0\62\ce4527e-793dcd1a multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Stephen\My Documents\Dropbox\MBC ALL\Utils\PDFCreator-1_4_2_setup.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your system's version)
  • Run the installer
  • Close JavaRa


Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: Software\Classes\JavaPlugin.160_20

Found and removed: Software\JavaSoft

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\Classes\JavaPlugin.160_20

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_SUN

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jul 31 14:36:33 2012

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

------------------------------------

Finished reporting.
